A security vulnerability exists in Parallels Remote Application Server (RAS), a suite of application delivery and VDI (Virtual Desktop Infrastructure) solutions from Parallels, U.S.A. The vulnerability stems from allowing A local attacker to retrieve certain configuration file passwords in plaintext format by uploading an encrypted file previously stored in Parallels RAS. An attacker could exploit the vulnerability to be able to recover profile passwords, and the confidentiality, availability, and integrity of user information could be compromised.