Description
Old or backup files left accessible on a web server can inadvertently expose sensitive information such as source code, administrative interfaces, or credentials. These files may provide attackers with valuable insights into the application’s architecture and potentially aid in exploiting vulnerabilities.
Recommendation
To mitigate the risk of information disclosure, regularly audit web server directories for old or backup files and remove them from publicly accessible locations. Implement measures to prevent automatic creation or copying of backup files into these directories.
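The audit step above can be turned into a repeatable check. The following script is an added example, not code from the original page: it walks a web root and reports files whose names follow common backup, editor-swap or archive conventions. The pattern list and the sample directory tree it builds are constructed for illustration; tune the patterns to the naming habits of your own deployment tooling.

```python
"""Audit a web root for old or backup files that should not be publicly served.

Added example: the pattern list below is a constructed set of common
backup/editor/archive naming conventions, not an exhaustive one.
Assumes a POSIX-style directory path as input.
"""
import os
import re
import tempfile

# Constructed list of name patterns that commonly mark stale copies of files:
# manual backups, editor swap/autosave files, numbered copies, and archives or
# database dumps left in the document root.
BACKUP_PATTERNS = [
    re.compile(r".*\.(bak|old|orig|save|swp|swo|tmp|copy|backup)$", re.IGNORECASE),
    re.compile(r".*~$"),                                          # index.php~
    re.compile(r"^#.*#$"),                                        # #index.php# (autosave)
    re.compile(r".*\.(php|js|html|py|rb)\.\d+$", re.IGNORECASE),  # index.php.1
    re.compile(r".*\.(zip|tar|tgz|gz|7z|rar|sql)$", re.IGNORECASE),  # archives, DB dumps
]


def is_backup_name(name: str) -> bool:
    """Return True if a bare file name matches one of the backup patterns."""
    return any(p.match(name) for p in BACKUP_PATTERNS)


def find_backup_files(web_root: str) -> list:
    """Walk web_root and return sorted relative paths of backup-looking files."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        for fname in filenames:
            if is_backup_name(fname):
                full = os.path.join(dirpath, fname)
                findings.append(os.path.relpath(full, web_root))
    return sorted(findings)


def build_sample_web_root() -> str:
    """Create a constructed sample web root in a temp directory for the demo."""
    root = tempfile.mkdtemp(prefix="webroot_")
    sample = [
        "index.php",            # legitimate
        "index.php.bak",        # manual backup copy
        "index.php~",           # editor backup
        "config.php.old",       # old config, may contain credentials
        "assets/app.js",        # legitimate
        "assets/app.js.orig",   # patch leftover
        "admin/#login.php#",    # editor autosave
        "site-backup.zip",      # archive of the whole site
        "db/dump.sql",          # database dump
        "README.txt",           # legitimate
    ]
    for rel in sample:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
    return root


if __name__ == "__main__":
    root = build_sample_web_root()
    for rel in find_backup_files(root):
        print("backup-like file:", rel)
```

Run it against the real document root (replace the constructed sample with the server's path) from a scheduled job and treat any hit as a finding to remove or move outside the served tree. Name-based matching only catches files that follow a convention, so pair it with a web server deny rule for the same suffixes and with a deployment process that never writes working copies into the document root.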
References
- OWASP: Review Old Backup and Unreferenced Files for Sensitive Information
- CWE-200
- CWE-530
- CAPEC-118
- OWASP 2021-A5