GEN:SID | 1:1122 |
Message | WEB-MISC /etc/passwd |
Impact | Information Gathering.
|
Detailed Information | The passwd file usually found in the /etc/ directory on UNIX based systems, contains login information for users of a host. If shadow password files are not being used, an attacker could obtain valid login information for the system by using widely available password cracking tools on the file.
The file may also be used to garner information that may be used in brute force password guessing attacks against the host.
|
Affected Systems | All UNIX based systems running a Web Server. |
Attack Scenarios | The attacker can make a standard HTTP request that contains '/etc/passwd'in the URI.
|
Ease of Attack | Simple HTTP request.
|
Corrective Action | Webservers should not be allowed to view or execute files and binaries outside of it's designated web root or cgi-bin. This file may also be requested on a command line should the attacker gain access to the machine. Making the file read only by the superuser on the system will disallow viewing of the file by other users.
|
Additional References | |