2009-09-11 16:00:00
mitre
PUBLISHED
RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.