Unreferenced Login Page Found
Impact: Medium
Description
Unreferenced Login Page Found refers to the discovery of login pages within a web application that are not directly linked or referenced within the application itself. These pages, although not part of the main navigation or visible to users, may still be accessible to attackers, providing them with insights into potential attack vectors.
Recommendation
To mitigate the risk of information disclosure, promptly remove or restrict access to unreferenced login pages. Relying solely on resource obscurity for security is inadequate; instead, ensure that sensitive resources like login pages are adequately protected through access controls and other security measures.
References
- CWE-200
- CWE-552
- OWASP 2021-A5
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
👉 You might also like:
Sensitive Unreferenced Resource Found - Vulnerability
Unreferenced Repository Found - Vulnerability
Unreferenced Resource Found - Vulnerability
Old/Backup Resource Found - Vulnerability
Last updated on May 13, 2024