CVE-1999-0953

WWWBoard - Unauthenticated Password File Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0953. PoCs published by bd0rk.

AI-analyzed exploit summary This is a writeup describing a password disclosure vulnerability in WWWBoard 2.0 Alpha 2, where the passwd.txt file is accessible without authentication. The exploit involves directly accessing the file via a URL.

Description

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

Exploits (1)

exploitdb WRITEUP VERIFIED

by bd0rk · textwebappscgi

https://www.exploit-db.com/exploits/3065

View Code ZIP pw:eip

This is a writeup describing a password disclosure vulnerability in WWWBoard 2.0 Alpha 2, where the passwd.txt file is accessible without authentication. The exploit involves directly accessing the file via a URL.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WWWBoard 2.0 Alpha 2

No auth needed

Prerequisites: Target must have WWWBoard 2.0 Alpha 2 installed · passwd.txt must be accessible via web path

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0953

Scores

EPSS 0.0860

EPSS Percentile 94.4%

Details

Status published

Products (1)

matt_wright/wwwboard 2.0_alpha_2.1

Published Sep 16, 1999

Tracked Since Feb 18, 2026