183 – Debugging enabled in production

Description

The system has the debug mode active which generates an information leak when an error is generated.

Impact

Obtain sensitive information such as stacktraces and versions of the systems used.

Recommendation

Make sure that debugging mode is not enabled in the production environment and remove statements or portions of code that are executing in debugging mode.

Threat

External attacker with access to the application.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): L
• Integrity (VI): N
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: X

Requirements

• 077 - Avoid disclosing technical information
• 078 - Disable debugging events

Fixes

• Csharp
• Dart
• Elixir
• Go
• Java
• Php
• Python
• Ruby
• Scala
• Swift

Last updated

2024/02/15