Sensitive Credential Information Disclosure in EMC RSA Archer GRC 5.5.x
CVE-2016-0899 · LOW Severity
AV:N/AC:M/AU:S/C:P/I:N/A:N
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
Learn more about our Cis Benchmark Audit For Microsoft Iis.