Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/31221https://www.exploit-db.com/exploits/3044
