Description
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
Remediation
References
Related Vulnerabilities
WordPress Plugin Theme My Login Security Bypass (6.4.6)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9855)
LimeSurvey Other Vulnerability (CVE-2014-5018)
OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)
WordPress Plugin YITH WooCommerce Mailchimp Security Bypass (2.1.3)