An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
Weakness
The product stores a password in a configuration file that might be accessible to actors who do not know the password.