Genesys Cloud CX

 View Only
Discussion Thread View
Expand all | Collapse all

Web Server Directory Enumeration: The directory https://login.mypurecloud.ie/assets/ is open

  • 1.  Web Server Directory Enumeration: The directory https://login.mypurecloud.ie/assets/ is open

    Posted 04-25-2022 11:28
    Edited by Karl Reed 04-26-2022 02:00

    Good Day,

    if you paste the following link into your browser "https://login.mypurecloud.ie/assets/" - Here you will see a directory structure. Here it's possible to enumerate directories on the webserver.

    Is there a reason for this?
    Is this seen as an issue?
    Is this seen as a security risk?

    Screenshot below:


    #ArchitectureandDesign
    #Security
    #Architectureandtechnology

    ------------------------------
    Regards,
    Karl Reed
    ------------------------------​​


  • 2.  RE: Web Server Directory Enumeration: The directory https://login.mypurecloud.ie/assets/ is open

    Posted 04-25-2022 11:38
    These are the resources that are sent to each Cloudfront end point for serving up logos and JS files for the login pages.  There is no private information and these are the same across all Cloudfront services for each region to allow quick display of messages and logos.

    ------------------------------
    Robert Wakefield-Carl
    Avtex Solutions, LLC
    Contact Center Innovation Architect
    robertwc@avtex.com
    https://www.Avtex.com
    https://RobertWC.Blogspot.com
    ------------------------------