Information Disclosure (PHPINFO/Credentials) on DoD Asset
Critical
Vulnerability Details
**Summary:**
A DoD asset leaks credentials on a phpinfo() page.
**Description:**
https://███ publicly displays a phpinfo() page that leaks system information and credentials.
## Impact
The impact is medium, due not only to the leakage of numerous details such as system information but also to the leakage of domain credentials.
USERDOMAIN ███████
USERNAME ██████
█████████PASSWORD'] ████████
## Step-by-step Reproduction Instructions
1. Visit: https://████/████
2. Information Disclosed
## Suggested Mitigation/Remediation Actions
████████ BAT suggests removing the ███ page or requiring authentication before making it accessible.
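
Values the page displayed while it was public should also be rotated. As an added example (not part of the original report), this Python code reads a saved copy of your own phpinfo() output and lists the names of entries that look credential-bearing, without returning their values. The name patterns, function names and sample HTML are assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed starting list of sensitive name fragments; extend for your environment.
SENSITIVE = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|USERNAME|USERDOMAIN", re.I)

class PhpinfoRows(HTMLParser):
    """Collect (name, value) pairs: phpinfo() uses <td class="e"> for names, <td class="v"> for values."""
    def __init__(self):
        super().__init__()
        self.rows, self._cell, self._name, self._buf = [], None, None, []

    def handle_starttag(self, tag, attrs):
        cls = dict(attrs).get("class")
        if tag == "td" and cls in ("e", "v"):
            self._cell, self._buf = cls, []

    def handle_data(self, data):
        if self._cell:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag != "td" or not self._cell:
            return
        text = "".join(self._buf).strip()
        if self._cell == "e":
            self._name = text
        elif self._name is not None:  # keep the first value column only (local value)
            self.rows.append((self._name, text))
            self._name = None
        self._cell = None

def rotation_list(html):
    """Return sorted names of populated, sensitive-looking entries; values are never returned."""
    parser = PhpinfoRows()
    parser.feed(html)
    parser.close()
    return sorted({name for name, value in parser.rows
                   if SENSITIVE.search(name) and value and value != "no value"})

# Constructed sample in phpinfo()'s table layout; every name and value here is made up.
SAMPLE = """<table>
<tr><td class="e">USERDOMAIN </td><td class="v">EXAMPLECORP </td></tr>
<tr><td class="e">USERNAME </td><td class="v">svc_web </td></tr>
<tr><td class="e">$_SERVER[&#039;DB_PASSWORD&#039;]</td><td class="v">not-a-real-secret</td></tr>
<tr><td class="e">SMTP_TOKEN </td><td class="v"><i>no value</i></td></tr>
<tr><td class="e">max_execution_time</td><td class="v">30</td><td class="v">30</td></tr>
</table>"""
```
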
Report Stats
- Report ID: 883693
- State: Closed
- Substate: resolved
- Upvotes: 6