Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xitami | Xitami | 2.4 (including) | 2.5 (including) |
| Xitami | Xitami | 2.5-beta4 (including) | 2.5-beta4 (including) |