Description

The file _vti_pvt/authors.pwd can be read. This file contains sensitive information and should not be available.

Remediation

Restrict access to this file be settings proper permissions to _vti_pvt directory or directly to authors.pwd.

References

Microsoft IIS Homepage

Related Vulnerabilities

Version Disclosure (PHP)

JIRA Security Advisory 2013-02-21

Internet Information Server returns IP address in HTTP header (Content-Location)

WP Easy full backup Information Disclosure (1.4)

Case-Insensitive Routing Bypass in Express.js Application

Severity

Medium

Classification

CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Tags

Configuration Information Disclosure