Description

The file _vti_pvt/authors.pwd can be read. This file contains sensitive information and should not be available.

Remediation

Restrict access to this file be settings proper permissions to _vti_pvt directory or directly to authors.pwd.

References

Microsoft IIS Homepage

Related Vulnerabilities

Possible Database Name Disclosure

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

Jenkins weak password

ASP.NET cookieless authentication enabled

Spring Boot Misconfiguration: Admin MBean enabled

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure