CVE-2004-1497
Description
Web Forums Server 1.6 and 2.0 Power Pack stores user passwords in plaintext in Username.ini, enabling local privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Web Forums Server versions 1.6 and 2.0 Power Pack store all user account passwords in plaintext within the Username.ini file [1]. This file is located on the server's file system and is readable by any local user with access to the server's installation directory. No special configuration or user interaction is required to expose the passwords; the plaintext storage is a default design flaw.
Exploitation
An attacker with local access to the server (e.g., through a compromised user account or physical access) can simply navigate to the Username.ini file and read the stored passwords [1]. No authentication is needed beyond the ability to read the file. The attacker can then use the obtained credentials to log in as any user of the Web Forums Server.
Impact
Successful exploitation allows the attacker to retrieve plaintext passwords for all accounts managed by the Web Forums Server [1]. This can lead to unauthorized access to the forum system, privilege escalation to administrative accounts, and potential lateral movement if users reuse passwords on other systems.
Mitigation
No official patch or fixed version has been released for this vulnerability [1]. As a workaround, administrators should restrict read access to the Username.ini file to trusted users only, or consider migrating to an alternative forum server that does not store passwords in plaintext. This issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 1.6, 2.0 Power Pack
Patches
No patches discovered yet.
References
1. marc.info (nvd)