Unreferenced Login Page Found

Severity:
Medium

Description

Unreferenced Login Page Found refers to the discovery of login pages within a web application that are not directly linked or referenced within the application itself. These pages, although not part of the main navigation or visible to users, may still be accessible to attackers, providing them with insights into potential attack vectors.

Recommendation

To mitigate the risk of information disclosure, promptly remove or restrict access to unreferenced login pages. Relying solely on resource obscurity for security is inadequate; instead, ensure that sensitive resources like login pages are adequately protected through access controls and other security measures.
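One way to audit your own deployment for this finding, as an added example that is not SmartScanner's code: follow links from the site's entry points and report any page containing a password field that navigation never reaches. The `SITE` contents, paths and `ENTRY_POINTS` are constructed sample data standing in for a deployed document root.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample site: path -> HTML body (stands in for a deployed document root).
SITE = {
    "/index.html": '<a href="/account/login.html">Sign in</a> <a href="about.html">About</a>',
    "/about.html": '<a href="/index.html">Home</a>',
    "/account/login.html": '<form action="/account/session" method="post">'
                           '<input name="u"><input type="password" name="p"></form>',
    "/old/admin_login.html": '<form method="post"><input type="PASSWORD" name="pw"></form>',
    "/backup/notes.html": "<p>nothing here</p>",
}
ENTRY_POINTS = ["/index.html"]  # assumed starting pages of normal navigation


class PageScan(HTMLParser):
    """Collects outgoing links and notes whether the page has a password field."""

    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.has_password = base, set(), False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        for key in ("href", "src", "action"):
            if a.get(key):
                # Resolve relative references against the page's own path.
                self.links.add(urlsplit(urljoin(self.base, a[key])).path)


def unreferenced_login_pages(site, entry_points):
    pages = {}
    for path, html in site.items():
        pages[path] = PageScan(path)
        pages[path].feed(html)
    # Walk links from the entry points to find everything navigation can reach.
    seen, todo = set(), list(entry_points)
    while todo:
        path = todo.pop()
        if path in seen or path not in pages:
            continue
        seen.add(path)
        todo.extend(pages[path].links)
    return sorted(p for p, s in pages.items() if s.has_password and p not in seen)


if __name__ == "__main__":
    for path in unreferenced_login_pages(SITE, ENTRY_POINTS):
        print("unreferenced login page:", path)
```

Each page it reports should be removed if it is obsolete, or placed behind the same access controls as the referenced login page.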

Tags:
CWE-656
Authentication
Brute Force
Information Disclosure
WASC-34
WASC-11
WASC-13
CWE-552
CWE-200
OWASP 2021-A5
OWASP 2017-A6
OWASP 2013-A5
CAPEC-49
CAPEC-118
Last updated on September 11, 2024