WWWBoard is an outdated web-based email client that stores encrypted passwords in a password file under the web root. This makes it accessible to remote attackers, posing a significant risk to users' sensitive information.
WWWBoard is an outdated web-based email client that stores encrypted passwords in a password file under the web root. This makes it accessible to remote attackers, posing a significant risk to users' sensitive information.
You're affected if you use WWWBoard version 1.x or earlier. Check with: find / -name "wwwboard*.conf" (Note: The exact command might vary depending on the system configuration.)
Product: WWWBoard
Version info: Not specified in the advisory.
Check for presence of the vulnerable password file by searching for files named "wwwboard.conf" under the web root directory.
Immediate mitigations:
- Restrict network access to your WWWBoard instance (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
Contact a vendor representative or IBM support directly for a patched version - there's no public patch link in the advisory.