UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.Referenceshttps://www.twcert.org.tw/tw/cp-132-6680-af0aa-1.html
