Roundcube Log Disclosure
Roundcube log files were publicly accessible.
- exposure
- logs
Roundcube files are sometimes publicly accessible files, which give an attacker information about the system, used to configure the application in question. These files may reveal sensitive information, such as usernames and passwords, which can allow an attacker to gain access to the system.
Impact
Attackers may, therefore, be able to gather information about the server configuration, application version and computer, which can be used to launch more sophisticated attacks.
Solution
If possible, remove all log files from public folders.
Was this page helpful?