I'm not sure how to classify this bug / vulnerability, but for aspWebCalendar Free edition, you can openly download the mdb file and read its contents (username,pasword). Example http://www.example.com/calendar/calendar.mdb I guess the fix would be to place the mdb file outside of wwwroot.