H3-2022-0061¶

Apache Web Server htpasswd File Exposure

Description¶

The Web Server has been configured incorrectly allowing access to the htpasswd file.

Impact¶

An unauthenticated attacker can retrieve sensitive information like credentials stored in the file to further compromise the host.

References¶

• Apache Wiki
• MITRE ATT&CK Technique: T1552.001: Unsecured Credentials: Credentials In Files