X-Debug-Token Information Leak
- Risk: Low
- Type: Passive
- CWE: CWE-200
- Summary
The response contained an X-Debug-Token or X-Debug-Token-Link header. Symfony's Profiler adds these headers to every response it records, so their presence indicates that the profiler is enabled on the target and may be exposing sensitive data (request and session details, configuration, logs and database queries).
- Solution
Limit access to Symfony's Profiler, either via authentication/authorization or by restricting the header and the /_profiler routes to specific clients (by IP, etc.). The profiler is a development tool; the most reliable fix is to leave it disabled outside the dev environment.
- Other info
- By requesting a URL of the form http://target_host/_profiler/token_value (e.g. http://example.com/_profiler/123ab4), you may gain access to the profiler and further leaked information. The value of X-Debug-Token-Link, when present, is that URL already assembled by the application.
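The passive check described above, as an added example (not code from the original page or from any scanner product): it parses a raw HTTP response, flags the two Symfony debug headers, and derives the profiler URL, taking X-Debug-Token-Link when it is present and otherwise building the /_profiler/<token> form from the request URL. The sample responses and the host example.com are constructed for the example; only the header names and the /_profiler path come from the finding.

```python
"""Passive check for Symfony profiler debug headers (X-Debug-Token, X-Debug-Token-Link).

Added example; the sample responses below are constructed, not captured traffic.
"""
from typing import Optional
from urllib.parse import urljoin

DEBUG_HEADERS = ("x-debug-token", "x-debug-token-link")


def parse_response_headers(raw: bytes) -> dict:
    """Return the headers of a raw HTTP/1.x response as a lower-cased dict.

    Header names are case-insensitive, so a check that only matched the exact
    spelling 'X-Debug-Token' would miss proxies that normalise case.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def check_debug_token(request_url: str, raw_response: bytes) -> Optional[dict]:
    """Report a finding if the response carries either profiler header.

    The profiler URL comes from X-Debug-Token-Link when the application sent
    one (resolved against the request URL in case it is relative); otherwise it
    is built as /_profiler/<token> on the same origin as the request.
    """
    headers = parse_response_headers(raw_response)
    present = [h for h in DEBUG_HEADERS if h in headers]
    if not present:
        return None
    token = headers.get("x-debug-token")
    link = headers.get("x-debug-token-link")
    if link:
        profiler_url = urljoin(request_url, link)
    else:
        profiler_url = urljoin(request_url, f"/_profiler/{token}")
    return {
        "risk": "Low",
        "cwe": "CWE-200",
        "headers": present,
        "token": token,
        "profiler_url": profiler_url,
    }


# Constructed sample responses (not real traffic).
RESPONSE_BOTH_HEADERS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"X-Debug-Token: 123ab4\r\n"
    b"X-Debug-Token-Link: https://example.com/_profiler/123ab4\r\n"
    b"\r\n"
    b"<html><body>login</body></html>"
)
RESPONSE_TOKEN_ONLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"content-type: text/html\r\n"
    b"x-debug-token: 123ab4\r\n"
    b"\r\n"
    b"<html></html>"
)
RESPONSE_CLEAN = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)


if __name__ == "__main__":
    for raw in (RESPONSE_BOTH_HEADERS, RESPONSE_TOKEN_ONLY, RESPONSE_CLEAN):
        print(check_debug_token("https://example.com/login", raw))
```

Matching on lower-cased header names matters because reverse proxies and HTTP/2 front-ends rewrite header case; the token-only sample shows the check still producing the profiler URL from the finding's /_profiler/<token> form when the Link header is absent.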