View Issue Details

ID: 0008498
Project: Kali Linux
Category: Kali Websites & Docs
View Status: public
Last Update: 2023-10-09 06:58
Reporter: Navi01841
Assigned To: daniruiz
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: no change required
Summary: 0008498: RESPONSIBLE DISCLOSURE - htpasswd
Description

htpasswd is a flat file used to store usernames and passwords for basic authentication on an Apache HTTP Server.

DOMAIN
http.kali.org

STEPS TO REPRODUCE

  1. Open any browser and go to google.com

  2. Give the following keywords
    intitle:"Index of" htpasswd

  3. In the search results we can see the htpasswd of the Kali.org website exposed

In case this information is accessed by an attacker, he can misuse it

Vulnerable url
https://http.kali.org › pool › libapac...
of /pool/main/liba/libapache-htpasswd-perl

PROOF OF CONCEPT (POC)
Attached POC 1 for your reference

Attached Files
Screenshot_2023_1009_003123.jpg (50,043 bytes)   

Activities

daniruiz

2023-10-09 06:58

manager   ~0018535

Those are the files for the package named libapache-htpasswd-perl, not the htpasswd files
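
A triage check that separates a name match from an actual credential-file exposure, as an added example that is not part of the original issue or of Kali's tooling. The function names, result labels and the sample file body are assumptions constructed for illustration; only the pool path comes from the report.

```python
import re
from posixpath import basename

# Hash formats written by Apache's htpasswd tool: bcrypt (-B), apr1 MD5 (-m),
# {SHA} (-s) and legacy 13-character crypt (-d).
_HASH = re.compile(
    r"^(\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"
    r"|\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"
    r"|\{SHA\}[A-Za-z0-9+/]{27}="
    r"|[./A-Za-z0-9]{13})$"
)
CRED_NAMES = {".htpasswd", "htpasswd"}  # file names that warrant a content check


def looks_like_htpasswd(text):
    """True when every non-blank, non-comment line has the form user:hash."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    if not lines:
        return False
    for line in lines:
        user, sep, digest = line.partition(":")
        if not (sep and user and _HASH.match(digest.strip())):
            return False
    return True


def triage(url_path, body=None):
    """Classify a reported path (labels are this example's own)."""
    name = basename(url_path.rstrip("/"))
    if body is not None and looks_like_htpasswd(body):
        return "credential-file"      # content really is user:hash records
    if name in CRED_NAMES and not url_path.endswith("/"):
        return "needs-review"         # right file name, content not yet checked
    if "htpasswd" in url_path:
        return "name-match-only"      # substring in a package or directory name
    return "no-match"


# Constructed sample: the digest is filler of the right length, not a real hash.
SAMPLE_BODY = "alice:{SHA}" + "A" * 27 + "=\n"

if __name__ == "__main__":
    # First path is taken from the report; the second is a constructed example.
    for path, body in [("/pool/main/liba/libapache-htpasswd-perl", None),
                       ("/private/.htpasswd", SAMPLE_BODY)]:
        print(path, "->", triage(path, body))
```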

Issue History

Date Modified Username Field Change
2023-10-08 19:04 Navi01841 New Issue
2023-10-08 19:04 Navi01841 File Added: Screenshot_2023_1009_003123.jpg
2023-10-09 06:58 daniruiz Note Added: 0018535
2023-10-09 06:58 daniruiz Assigned To => daniruiz
2023-10-09 06:58 daniruiz Status new => closed
2023-10-09 06:58 daniruiz Resolution open => no change required