26th Oct 2001 [SBWID-4827]
COMMAND
PC-to-phone
SYSTEMS AFFECTED
version 3.0.3, and probably earlier
PROBLEM
Arthur Hagen found that both the account number and password is stored
in a file \"temp.html\" in the PC to Phone install directory, which is
world readable. Any user on a multiuser-system can look up the account
number and password of any currently logged in user (or the last user
in case of a program/system crash)! The same goes for the log and
PhoneBook folders, which are *shared* among all users on a system.
SOLUTION
Vendor contacted. There will be no fix before next release.
Workaround : install the program in a secure directory.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH
