Sensitive Unreferenced Resource Found
Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced pages may contain powerful functionality that can be used to attack the application. OWASP
The security of systems should not be based on the obscurity of resource locations. Remove or limit access to the file.
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- OWASP 2007-A6
- OWASP 2021-A1