Threat Encyclopedia

Web.Server.Password.Files.Access

description-logoDescription

This indicates an attempt to access a sensitive file through HTTP requests.
The signature checks for these files:
/etc/passwd (List of local users)
/etc/shadow (List of users' passwords' hashes)
/etc/host (Host file)
These files in Linux system store essential information regarding registered users. Access to these files is usually restricted.

affected-products-logoAffected Products

All HTTP servers that are not properly configured.

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Restrict access to the files.

Telemetry logoTelemetry