Unreferenced Login Page Found
Impact: Medium
Description
Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced pages may contain powerful functionality that can be used to attack the application. OWASP
Recommendation
The security of systems should not be based on the obscurity of resource locations. Remove or limit access to the file.
References
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- CWE-656
- CWE-552
- OWASP 2021-A4
- CWE-200
- OWASP 2007-A6
- OWASP 2021-A1
👉 You might also like:
Sensitive Unreferenced Resource Found - Vulnerability
Unreferenced Repository Found - Vulnerability
Unreferenced Resource Found - Vulnerability
Old/Backup Resource Found - Vulnerability
Last updated on February 15, 2021