Intrusion Prevention

Web.Server.Password.Files.Access

Description

This indicates an attempt to access a sensitive file through HTTP requests.
The signature checks for these files:
/etc/passwd (List of local users)
/etc/shadow (List of users' password hashes)
/etc/resolv.conf (Contains the current name servers, DNS, for the system)
On a Linux system, these files store essential information about registered users and the system's configuration. Access to these files is usually restricted.

Affected Products

All HTTP servers that are not properly configured.

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Monitor traffic from the network that triggered the signature for any suspicious activity.
Restrict access to the files.
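
To support the monitoring step, the following added example (not part of the signature or of any vendor tooling) scans web server access logs for requests that reference the three files listed above and flags the ones the server answered with a success status. It assumes Combined Log Format; the /view endpoint and all log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# Files named by the signature description above.
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "/etc/resolv.conf")

# Assumed Combined Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so nested encodings cannot hide the path."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    # Unify backslashes and repeated slashes, compare case-insensitively.
    return re.sub(r"/+", "/", target.replace("\\", "/")).lower()

def scan(lines):
    """Return (client, file, status, served) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = normalize(m["target"])
        for name in SENSITIVE_FILES:
            if name in target:
                status = int(m["status"])
                # A 2xx answer means the server may have returned the file.
                hits.append((m["client"], name, status, 200 <= status < 300))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /view?file=/etc/passwd HTTP/1.1" 404 153',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /view?file=%2Fetc%2Fshadow HTTP/1.1" 403 153',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /view?file=%252Fetc%252Fresolv.conf HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    for client, name, status, served in scan(SAMPLE_LOG):
        print(f"{client} requested {name}: HTTP {status}"
              f"{' (possible disclosure)' if served else ''}")
```

Hits with a 2xx status deserve first attention, since they suggest the file contents may have been returned and access restrictions need review.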