CVE-2008-3395

Name of the Vulnerable Software and Affected Versions Calacode @Mail version 5.41

Description The issue allows local users to obtain sensitive information by reading certain files due to weak world-readable permissions. Specifically, the files webmail/libs/Atmail/Config.php and webmail/webadmin/.htpasswd can be read to gain access to sensitive information.

Recommendations For Calacode @Mail version 5.41, consider changing the permissions of the webmail/libs/Atmail/Config.php and webmail/webadmin/.htpasswd files to restrict read access to authorized users only. As a temporary workaround, restrict access to these files to minimize the risk of exploitation.