Description

The file _vti_pvt/authors.pwd can be read. This file contains sensitive information and should not be available.

Remediation

Restrict access to this file be settings proper permissions to _vti_pvt directory or directly to authors.pwd.

References

Microsoft IIS Homepage

Related Vulnerabilities

Unrestricted access to Prometheus Metrics

PHP register_globals enabled

Symfony ESI (Edge-Side Includes) enabled

WordPress Plugin WP-Mon Arbitrary File Disclosure (0.5.1)

Spring Boot Misconfiguration: Actuator endpoint security disabled

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure