Intrusion Prevention

WWWBoard.PasswordFile.Disclosure

Description

It indicates a potentially malicious attempt to access the WWWBoard password file.

WWWBoard is a web message board package. There exists a vulnerability in WWWBoard that allows attackers to access the password file under web root directory.

Affected Products

Any unprotected WWWBoard is vulnerable to the attack.

Impact

Attackers can gain access to the password file that stores encrypted passwords, which can be used to launch further attacks.

Recommended Actions

Apply appropriate patches and/or upgrade the program to the latest non-vulnerable version.

Remove the password file under the web root directory.

CVE References

CVE-1999-0953

Other References

1