Windows Path Disclosure

Impact: Informational

Description

File and directory paths reveal information about the structure of the file system of the underlying OS. This information does not create any direct impact on the target, though it provides valuable information attackers can use in their attack. Attackers can leverage disclosed paths to gain insights into the system’s configuration and potentially identify additional attack vectors.

Recommendation

If it’s not displayed intentionally, fix the reason causing the disclosure and make sure the path is not revealed due to errors and misconfigurations. Implement access controls and input validation to prevent unintended disclosure of sensitive information.

References

CWE-200
Microsoft Security Development Lifecycle (SDL)
OWASP 2021-A5
OWASP: Information Leakage

👉 You might also like:

Windows Path Disclosure

Description

Recommendation

References

Unix Path Disclosure - Vulnerability

Path Disclosure in Robots.txt - Vulnerability

Apache Version Disclosure - Vulnerability

Arbitrary Source Code Disclosure - Vulnerability

Use SmartScanner Free version to test for this issue