Fluid Attacks Database

Description

The system has the debug mode active which generates an information leak when an error is generated.

Impact

Obtain sensitive information such as stacktraces and versions of the systems used.

Recommendation

Make sure that debugging mode is not enabled in the production environment and remove statements or portions of code that are executing in debugging mode.

Threat

External attacker with access to the application.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

077 - Avoid disclosing technical information 078 - Disable debugging events

Rules

Http X Chromelogger Data Leak Xml Dev Mode Enabled Php Debug Mode Enabled Javascript Error Handler Used In Production Ruby Error Information Disclosure Typescript Error Handler Used In Production Docker Debug Enabled In Dockerfile Python Debug Mode Enabled Flask Python Debug True In Settings Python Debug Mode Enabled Javascript Debugger Statement Present Config Files Debug True In Web Config Typescript Debugger Statement Present Java Webview Debugging Enabled Ruby Debugger Mode Use

Fixes

Csharp Dart Go Java Php Python Ruby Scala Swift