← CVECheck
HomeVulnerabilities

CVE-2003-1394 — MEDIUM severity vulnerability (CoffeeCup Software Password Wizard 4.0 stores sensitive info)

CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.

CVE IDCVE-2003-1394
SeverityMEDIUM
CVSS score5.0
CVSS vectorAV:N/AC:L/Au:N/C:P/I:N/A:N
CWECWE-255
StatusModified
Published2003-12-31
Last modified2026-04-16
DescriptionCoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →