Kwik-Pay Payroll Payroll and Employment Information Disclosure

2006-03-03T08:32:36
ID OSVDB:23617
Type osvdb
Reporter Yog(), KeyShore()
Modified 2006-03-03T08:32:36

Description

Vulnerability Description

Kwik-Pay Payroll contains a flaw that may lead to an unauthorized information disclosure. The issue is due to employment and payment information being stored in database files with insecure file permissions in the installation directory, which is accessible by any local user on the system.

Solution Description

Upgrade to version 4.2.22 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.kwik-pay.com/
Secunia Advisory ID: 19075
Mail List Post: http://attrition.org/pipermail/vim/2007-February/001331.html
Mail List Post: http://attrition.org/pipermail/vim/2007-February/001351.html
Mail List Post: http://attrition.org/pipermail/vim/2007-February/001329.html
ISS X-Force ID: 25114
CVE-2006-1050