2003801 : passwd file accessed

High RiskHigh Risk

Quick Links

Event description Jump to the top of this document

The /etc/passwd file on Unix systems contains password information. An attacker who has accessed the etc/passwd file may attempt a brute force attack of all passwords on the system.

An attacker may attempt to gain access to the etc/passwd file through HTTP, FTP, or SMB. Typically this is done through one of the CGI scripts installed on the server, so this event may be seen in conjunction with other events of that type.

Products that have this security check Jump to the top of this document


This event triggers when an HTTP GET request contains '*/etc/passwd' or '*/etc/shadow' or '*/etc/master.passwd' or '*/etc/security/passwd' and '*/etc/security/shadow'.

False Positive:This event triggers on what appears to be a request for the password or shadow file, which may or may not be successful. A false positive is not indicated when the request is unsuccessful.

Affected platforms Jump to the top of this document

How to remove this vulnerability Jump to the top of this document

Examine the URL accessed and evaluate if the access attempt could have been successful. If so, consider the system compromised and all passwords exposed. Although this event is not the result of a specific vulnerability, you should take steps to ensure that HTTP, FTP, and SMB file shares do not contain vulnerabilities that could allow remote access to the /etc/passwd file.

References Jump to the top of this document

Information about this document Jump to the top of this document

The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than Internet Security Systems. Use of this information constitutes acceptance for use in an "AS IS" condition, without warranties of any kind, and any use of this information is at the user's own risk. Internet Security Systems disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Internet Security Systems be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if Internet Security Systems has been advised of the possibility of such damages.

Copyright © 1997 – 2015 IBM Internet Security Systems. All rights reserved.

This page was created on Fri Aug 28 03:37:15 2015