Discovery credited to "\[Zero_Byte\]" <email@example.com>.
Frederic Tyndiuk Eupload 1.0
A problem with Eupload may make it possible for remote attackers to gain access to sensitive information.
Eupload does not cryptographically protect stored passwords. Passwords contained in the configuration file, password.txt, are stored in plain text. They may be read by simply viewing the file. The file, password.txt, is stored in a web accessible location and is, itself, accessible for retrieval. Thus it is trivial for an attacker to obtain user passwords and abuse the Eupload service.
There is no exploit code required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.