Zeus Technology has released new binaries for their webserver which are not vulnerable to this problem. They are available at the location below:
http://support.zeus.co.uk/news/exploit.html
Users who are upgrading from version 3.1.9 or earlier should follow the upgrade steps at the following URL:
http://support.zeus.co.uk/faq/entries/z33migrate.html
It should be noted that Zeus responded to and fixed this problem within 3 hours of it being posted to BugTraq on Security Focus.
Zeus Web Server contains a flaw that may lead to an unauthorized password exposure. The default file '/usr/local/zeus/admin/website' holds MD5 hashed passwords that are only base64 encoded, so it is possible to gain access to the hashes by decoding them, which may lead to a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
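A defender's check for the condition described above, as an added example that is not part of the original advisory: it scans configuration text for base64 tokens that decode to exactly 16 bytes, the length of an MD5 digest, to show that base64 gives stored hashes no protection. The sample contents and the `admin_password` key name are constructed assumptions; the real layout of the file is not given on this page.

```python
import base64
import binascii
import hashlib
import re

# A 16-byte value always base64-encodes to 22 alphabet characters plus "==".
B64_MD5 = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{22}==(?![A-Za-z0-9+/=])"
)


def find_encoded_md5(text):
    """Return (line_no, token, hex_digest) for every base64 token in `text`
    that decodes to exactly 16 bytes (MD5 digest length)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in B64_MD5.finditer(line):
            token = match.group(0)
            try:
                raw = base64.b64decode(token, validate=True)
            except (binascii.Error, ValueError):
                continue  # looked like base64 but is not decodable
            if len(raw) == 16:
                findings.append((line_no, token, raw.hex()))
    return findings


def build_sample():
    """Constructed sample text; NOT the real Zeus file format."""
    digest = hashlib.md5(b"constructed-sample-password").digest()
    encoded = base64.b64encode(digest).decode("ascii")
    return "\n".join([
        "# constructed sample for illustration only",
        "port 9080",
        "admin_password " + encoded,            # hypothetical key name
        "label QUJDREVGR0hJSktMTU5PUFFS",       # 18-byte value, not a digest
    ])


SAMPLE = build_sample()

if __name__ == "__main__":
    for line_no, token, hex_digest in find_encoded_md5(SAMPLE):
        print(f"line {line_no}: {token} decodes to MD5-length value {hex_digest}")
```

Any line it reports holds a hash that is readable to whoever can read the file, so such files should be treated as carrying the password hashes themselves.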