DEBUG method is enabled

Description

Kayran has detected that “ASP.NET debugging” option is enabled. ASP.NET allows to remotely debug web applications, if he is set to do so.
By default, debugging is subject to access control and requires authentication on a platform level.

If an attacker can successfully initiate and perform a remote debugging session, it may result in exposing sensitive information about the application and it’s supportive infrastructure.
That, might be be of useful for him in creating target-based attacks on the system.

Recommendation

Make sure that all of the “DEBUG” statements are disabled or can be used only by those who are authorized to do so.

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »