Date: October 26, 2023 Report ID: SEC-REP-2023-001 Status: CLOSED (Patched) Severity: High Affected Asset: [Insert Server IP / Domain Name] 1. Executive Summary A security audit identified a critical misconfiguration in the web server directory indexing settings. This misconfiguration allowed unauthorized directory listing and public access to a sensitive file named password.txt . The vulnerability was successfully exploited during the assessment phase and has since been mitigated by disabling directory indexing and removing the sensitive file. 2. Vulnerability Details Title: Directory Traversal / Sensitive File Exposure via Directory Indexing CVE Reference: CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory) Location: https://[target]/[directory]/ Discovery Method: OSINT / Google Dorking ( intitle:"index of" password.txt ) Description The web server was configured to allow directory browsing. When a user navigated to the specific directory URL, the server generated an "Index of" page listing all contained files. Among these files was password.txt , which contained [describe contents, e.g., hashed passwords / API keys / clear-text credentials]. Evidence (Pre-Patch) Request: Call.of.duty.modern.warfare.ii.vault.edition.steam.rip Online