Signature Detail
Short Name |
HTTP:UNIX-FILE:ETC-PASSWD |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Category |
HTTP |
Keywords |
Unix File /etc/passwd Probe |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Unix File /etc/passwd Probe
This signature detects attempts to access the main password file. If the server does not use shadowed passwords, attackers can compromise user passwords through brute force or add themselves to the system.
Extended Description
Successful exploitation of the vulnerability could enable a remote attacker to gain a user list to be used in a brute force attack.