Unreferenced Resource Found
Impact: Informational
Description
Unreferenced resources in web applications may reveal sensitive information and provide attackers with insights into potential attack vectors. These resources, although not directly linked or referenced within the application, can still be accessed by attackers, potentially aiding them in crafting targeted attacks.
Recommendation
To mitigate the risk of information disclosure, promptly remove or restrict access to unreferenced resources. Relying solely on resource obscurity for security is inadequate; instead, ensure that sensitive resources are adequately protected through access controls and other security measures.
References
- CWE-200
- CWE-552
- OWASP 2021-A5
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
👉 You might also like:
Sensitive Unreferenced Resource Found - Vulnerability
Unreferenced Login Page Found - Vulnerability
Unreferenced Repository Found - Vulnerability
Old/Backup Resource Found - Vulnerability
Last updated on May 13, 2024