This article is a part of our Web Security Knowledge Base (back to index)

Why “Trace.axd Information Leak” can be dangerous

This means that the ASP.NET Trace Viewer (trace.axd file) was found available on your website. It allows logging the latest request to the server which can result in leakage of valuable information such as file paths or session IDs.

How to fix “Trace.axd Information Leak”

Consider disabling Trace Viewer if it’s actually not required in production. If it’s absolutely necessary to be enabled there, ensure that access to all tracing information requires authentication and authorisation.

How does ScanRepeat report “Trace.axd Information Leak”

ScanRepeat looks for pages where the trace.axd file is exposed and reports every occurrence of such a vulnerability providing the URL of an issue.

Would you like to test your application now against this problem? Sign up for our free trial

Scan Your Web App Now
Scan your application
for 14 days for free

No credit card is required. No commitment.

Sign Up Free