When authentication files (like auth_user_file ) are stored in plain text, they can contain:
Ensure your server configuration denies public access to configuration and authentication files [2]. Using Robots.txt: New- Inurl Auth User File Txt Full