2015-06-08 14:00:00
redhat
PUBLISHED
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.