Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org. This problem can be circumvented by setting permissions on the file ../k in the Allmanage directory to refuse remote reading.
Allmanage contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the plain text administrator password when requesting the 'allmanage.pl' script with the 'K' option, which may lead to a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It may be possible to correct the flaw by implementing the following workaround:
Remove the read file permission on the allmanage/k file for all users except the owner of the file.