This article is a part of our Web Security Knowledge Base.
Why Information Disclosure - Debug Error Messages can be dangerous
This finding means that the server response appears to contain common error messages returned by web servers (e.g. IIS, Apache) and platforms such as ASP.NET.
This kind of information leakage is one of the ways to fingerprint the service and create attack vectors. Debug messages may also contain sensitive data about the user and the system, which is an additional threat, especially if HTTPS is not enforced.
How to fix Information Disclosure - Debug Error Messages
Ensure that your web application serves custom error pages.
Check that debug messages are not printed to the output.
Disable debugging before pushing to production.
How does ScanRepeat report Information Disclosure - Debug Error Messages
ScanRepeat analyzes every HTTP response and looks for any common debug error messages. It reports every occurrence of such an issue, providing the URL and the contents found.
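The same kind of check can be run against your own responses before release. The following is an added example, not ScanRepeat's code or rule set: the signature list, function names and sample responses are assumptions made for illustration.

```python
import re

# Assumed signatures of common default/debug error output; extend per stack.
SIGNATURES = {
    "ASP.NET error page": re.compile(r"Server Error in '[^']*' Application"),
    "IIS detailed error": re.compile(r"IIS [\d.]+ Detailed Error"),
    "Apache default error footer": re.compile(r"<address>Apache[^<]*</address>"),
    "PHP error message": re.compile(
        r"<b>(?:Fatal error|Parse error|Warning|Notice)</b>:\s+.+? on line <b>\d+</b>"),
    "Python traceback": re.compile(r"Traceback \(most recent call last\):"),
    "Java stack frame": re.compile(r"\bat [\w$.]+\([\w$]+\.java:\d+\)"),
}

def find_debug_messages(url, status, body, context=30):
    """Return one finding per signature in the body: URL plus the content found."""
    findings = []
    for name, pattern in SIGNATURES.items():
        match = pattern.search(body)
        if match:
            start = max(0, match.start() - context)
            end = min(len(body), match.end() + context)
            findings.append({
                "url": url,
                "status": status,
                "signature": name,
                "evidence": " ".join(body[start:end].split()),
            })
    return findings

# Constructed sample responses (url, status, body); not captured from a real site.
SAMPLE_RESPONSES = [
    ("https://app.example/orders?id=x", 500,
     "<html><h1>Server Error in '/' Application.</h1><h2>Object reference "
     "not set to an instance of an object.</h2></html>"),
    ("https://app.example/missing", 404,
     "<html><body><h1>Page not found</h1><p>Return to the home page.</p></body></html>"),
    ("https://app.example/report", 200,
     "<html><p>Monthly totals</p><b>Warning</b>:  Division by zero in "
     "<b>/var/www/report.php</b> on line <b>17</b></html>"),
]

def scan(responses):
    # Status is recorded but never used as a filter: debug output also leaks in 200s.
    findings = []
    for url, status, body in responses:
        findings.extend(find_debug_messages(url, status, body))
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_RESPONSES):
        print(f"{f['url']} [{f['status']}] {f['signature']}: {f['evidence']}")
```

The custom 404 page produces no finding, while the PHP warning embedded in a 200 response does, which is why the check reads every response body rather than only error statuses.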