DEBUG method is enabled

Description

Kayran has detected that “ASP.NET debugging” option is enabled. ASP.NET allows to remotely debug web applications, if he is set to do so.
By default, debugging is subject to access control and requires authentication on a platform level.

If an attacker can successfully initiate and perform a remote debugging session, it may result in exposing sensitive information about the application and it’s supportive infrastructure.
That, might be be of useful for him in creating target-based attacks on the system.

Severity/Score

Average Score – 5.3 Medium

Recommendation

Make sure that all of the “DEBUG” statements are disabled or can be used only by those who are authorized to do so.

References

https://cwe.mitre.org/data/definitions/11.html

https://cwe.mitre.org/data/definitions/489.html

< Return to all Vulnerabilities

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »

The Dark Web

Let’s talk about the darker and more mysterious side of the internet, also known as The Dark Web. You’ve probably heard about it, whether it’s

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »