Possible sensitive files

Description

During the scan, Cytrix found exposed files that may be sensitive. This exposure allows an attacker to view and even download these files.

An attacker could access these sensitive files and use the information they contain to perform reconnaissance against the website’s infrastructure and against sensitive data that the website might hold.

Revealing this information (Information Disclosure) makes it easy for an attacker to see which versions of plugins and components are installed, which in turn helps them find attack vectors.

Recommendation

To prevent this vulnerability, restrict access to these files so that users without permission cannot access them, or remove them completely from the website.
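One way to act on this recommendation before a deployment, as an added example that is not Cytrix's code: the script walks a web root and lists files and directories whose names match a pattern list, so each hit can be removed or placed behind an access rule. The pattern list, the function names and the sample tree are assumptions made for illustration, not taken from the advisory.

```python
import fnmatch
import os
import tempfile

# Assumed patterns (not from the advisory): names that commonly disclose
# configuration, source history or component versions inside a web root.
SENSITIVE_PATTERNS = [
    ".env", ".git", ".svn", ".htpasswd", "*.bak", "*.old", "*.sql",
    "*.log", "*~", "composer.lock", "package-lock.json",
    "readme.txt", "changelog.txt", "phpinfo.php",
]


def find_sensitive(web_root, patterns=SENSITIVE_PATTERNS):
    """Return sorted relative paths under web_root whose name matches a pattern."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in list(dirnames) + filenames:
            if any(fnmatch.fnmatch(name.lower(), p) for p in patterns):
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                hits.append(rel.replace(os.sep, "/"))
                # A matched directory (e.g. .git) is reported once, not descended.
                if name in dirnames:
                    dirnames.remove(name)
    return sorted(hits)


def demo():
    """Build a constructed sample web root and audit it."""
    sample = ["index.php", ".env", "db/dump.sql", ".git/config",
              "wp-content/plugins/demo/readme.txt", "css/site.css",
              "config.php.bak"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return find_sensitive(root)


if __name__ == "__main__":
    for hit in demo():
        print("review, then restrict or remove:", hit)
```

A name match is only a prompt for review: the file may already be blocked by the web server, and a sensitive file with an unusual name will not be listed.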

References

https://cwe.mitre.org/data/definitions/200.html
