Intrusion PreventionWeb.Server.Password.File.Access
Description
This indicates an attempt to access a sensitive file through HTTP requests.
The signature checks for these files:
/etc/passwd (List of local users)
/etc/shadow (List of users' passwords' hashes)
/etc/host (Host file)
These files in Linux system store essential information regarding registered users. Access to these files is usually restricted.
Affected Products
All HTTP servers that are not properly configured.
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Restrict access to the files.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-01-10 | 22.472 | Name:Web. Server. Password. Files. Access:Web. Server. Password. File. Access |
| 2022-10-20 | 22.419 | Sig Added |
| 2022-07-15 | 21.357 | Sig Added |
| 2022-06-14 | 21.338 | Sig Added |
| 2022-05-16 | 20.316 | Severity:medium:high |
| 2021-12-10 | 19.214 | Sig Added |
| 2021-05-04 | 18.072 | Sig Added |
| 2020-12-07 | 16.974 | Sig Added |
| 2019-02-20 | 14.557 | Sig Added |
| ID | 43336 |
| Created | Nov 02, 2016 |
| Updated | Jan 08, 2023 |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |