PHP-Board 1.0 - User Password Disclosure

Author: frog
type: webapps
platform: php
port: 
date_added: 2003-02-15 
date_updated: 2012-10-25 
verified: 1 
codes: CVE-2003-1401;OSVDB-58899 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/6862/info

php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative passwords.

http://www.example.com/user/[NICKNAME].txt