Unreferenced Resource Found

Description

Attackers can often predict unreferenced resources on web applications. These files may disclose sensitive information that can facilitate a focused attack against the application. Unreferenced pages may contain powerful functionality that can be used to attack the application. ^OWASP

Recommendation

The security of systems should not be based on the obscurity of resource locations. Remove or limit access to the file.

References

• OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
• CWE-552
• CWE-200
• OWASP 2007-A6
• OWASP 2021-A1