Old/Backup Resource Found

Description

Old or backup files left accessible on a web server can inadvertently expose sensitive information such as source code, administrative interfaces, or credentials. These files may provide attackers with valuable insights into the application’s architecture and potentially aid in exploiting vulnerabilities.

Recommendation

To mitigate the risk of information disclosure, regularly audit web server directories for old or backup files and remove them from publicly accessible locations. Implement measures to prevent automatic creation or copying of backup files into these directories.

References

• CWE-200
• CWE-530
• OWASP 2021-A5
• OWASP: Review Old Backup and Unreferenced Files for Sensitive Information