logo

Trace.axd Information Leak

  • Risk:
  • Medium

  • Type:
  • Active
Summary

The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.

Solution

Consider whether or not Trace Viewer is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization.

References

https://msdn.microsoft.com/en-us/library/bb386420.aspx

https://msdn.microsoft.com/en-us/library/wwh16c6c.aspx

https://www.dotnetperls.com/trace

Free security scan for your website