[原文]Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.
Cookie Cart contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when a browser request for the passwd.txt file occurs, which may lead to a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Secure the passwd.txt file using .htaccess