Web.Server.Password.File.Access

description-logoDescription

This indicates an attempt to access a sensitive file through HTTP requests.
The signature checks for these files:
/etc/passwd (List of local users)
/etc/shadow (List of users' passwords' hashes)
/etc/host (Host file)
These files in Linux system store essential information regarding registered users. Access to these files is usually restricted.

affected-products-logoAffected Products

All HTTP servers that are not properly configured.

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.
Restrict access to the files.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-01-10 22.472 Name:Web.
Server.
Password.
Files.
Access:Web.
Server.
Password.
File.
Access
2022-10-20 22.419 Sig Added
2022-07-15 21.357 Sig Added
2022-06-14 21.338 Sig Added
2022-05-16 20.316 Severity:medium:high
2021-12-10 19.214 Sig Added
2021-05-04 18.072 Sig Added
2020-12-07 16.974 Sig Added
2019-02-20 14.557 Sig Added