[Original text] login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
php-Board stores user information in flat files on the system hosting the software. Web access to these files is not sufficiently restricted, so remote attackers may request user files and gain access to php-Board user and administrative passwords.
php-Board login.php [username].txt Direct Request User Account Disclosure
Remote / Network Access
Loss of Confidentiality
php-Board contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user requests the user/[username].txt file, where [username] is a valid username on the system, which will disclose user account information, including the plaintext password, resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
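A detection check for the direct requests described above, as an added example that is not part of the original advisory or of php-Board. It assumes the web server writes Combined Log Format access logs; the `/board/` prefix, usernames and log lines are constructed samples, and the function names are illustrative.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format (assumed); only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Path shape from the advisory: user/[username].txt, at any install prefix.
USER_FILE_RE = re.compile(r'(?:^|/)user/(?P<name>[^/]+)\.txt$', re.IGNORECASE)


def find_user_file_requests(lines):
    """Return {client_ip: [(username, status), ...]} for requests to user files."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Drop the query string, then decode %xx so encoded names are not missed.
        path = unquote(m.group("path").split("?", 1)[0])
        f = USER_FILE_RE.search(path)
        if f:
            hits[m.group("ip")].append((f.group("name"), int(m.group("status"))))
    return dict(hits)


def disclosed_accounts(hits):
    """Usernames whose file was actually served (2xx): treat the password as exposed."""
    return sorted({name for reqs in hits.values()
                   for name, status in reqs if 200 <= status < 300})


# Constructed sample log lines (documentation IP ranges, made-up usernames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /board/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /board/user/admin.txt HTTP/1.1" 200 64 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /board/user/%61lice.txt HTTP/1.1" 200 61 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "GET /board/user/bob.txt HTTP/1.1" 404 196 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /board/readme.txt HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = find_user_file_requests(SAMPLE_LOG)
    for ip, reqs in found.items():
        print(ip, reqs)
    print("rotate passwords for:", disclosed_accounts(found))
```

Any account returned by `disclosed_accounts` had its file served to a client, so its stored password should be considered known to that client.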