This article is a part of our Web Security Knowledge Base.

Why Information Disclosure - Debug Error Messages can be dangerous

This finding means that the server response appears to contain common error messages returned by web servers (e.g. IIS, Apache) and platforms such as ASP.NET.

Leaked error messages let an attacker fingerprint the service and help in building attack vectors. Debug messages may also contain sensitive data about the user and the system, which is an additional threat, especially if HTTPS is not enforced.

How to fix Information Disclosure - Debug Error Messages

Ensure that your web application serves custom error pages.

Check that debug messages are not printed to the response output.

Disable debugging before pushing to production.

How does ScanRepeat report Information Disclosure - Debug Error Messages

ScanRepeat analyzes every HTTP response and looks for common debug error messages. It reports every occurrence of the issue, providing the URL and the contents found.
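
A check in the spirit of the one described above, as an added example (not ScanRepeat's own detection logic): it scans response bodies for a small, illustrative set of default error-page strings and reports the URL and the matched content. The signature list, function names and sample responses are constructed for this example.

```python
import re

# Illustrative signatures (assumption): a few well-known default error-page
# strings for the servers and platform named above; not ScanRepeat's rules.
SIGNATURES = {
    "aspnet-yellow-screen": re.compile(r"Server Error in '[^']*' Application\."),
    "aspnet-version-banner": re.compile(r"Microsoft \.NET Framework Version:\s*[\d.]+"),
    "aspnet-stack-trace": re.compile(r"\bat [\w.]+\([^)]*\) in .+?:line \d+"),
    "iis-detailed-error": re.compile(r"HTTP Error \d{3}\.\d+ - "),
    "apache-default-500": re.compile(
        r"The server encountered an internal error or\s+misconfiguration"),
    "apache-server-footer": re.compile(r"<address>Apache/[\d.]+[^<]*</address>"),
}


def find_debug_errors(url, body):
    """Return one finding (URL, rule name, matched text) per matching signature."""
    findings = []
    for name, pattern in SIGNATURES.items():
        match = pattern.search(body)
        if match:
            findings.append({"url": url, "rule": name, "evidence": match.group(0)})
    return findings


def scan(responses):
    """Scan a {url: body} mapping and return every finding."""
    return [f for url, body in responses.items() for f in find_debug_errors(url, body)]


# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "https://app.example/orders?id=x": (
        "<h1>Server Error in '/' Application.</h1>"
        "<pre>   at Shop.Orders.Load(String id) in C:\\src\\Shop\\Orders.cs:line 42</pre>"
        "<b>Version Information:</b> Microsoft .NET Framework Version:4.0.30319"
    ),
    "https://app.example/legacy/": (
        "<p>The server encountered an internal error or\n"
        "misconfiguration and was unable to complete your request.</p>"
        "<address>Apache/2.4.41 (Ubuntu) Server at app.example Port 443</address>"
    ),
    # A custom error page: generic message plus an opaque reference, no internals.
    "https://app.example/missing": "<h1>Something went wrong</h1><p>Ref: 7f3a9c</p>",
}

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f"{f['url']}  [{f['rule']}]  {f['evidence']}")
```

Run against your own staging or production responses after deploying custom error pages; the third sample shows the kind of page that should produce no findings.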
