Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xitami | Imatix | 2.4 | 2.4 |
Xitami | Imatix | 2.5 | 2.5 |
Xitami | Imatix | 2.5_b4 | 2.5_b4 |