Sensitive Credential Information Disclosure in EMC RSA Archer GRC 5.5.x

Sensitive Credential Information Disclosure in EMC RSA Archer GRC 5.5.x

CVE-2016-0899 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

Learn more about our Cis Benchmark Audit For Microsoft Iis.