Trace.axd Information Leak

Risk:
Medium

Type:
Active

CWE:
CWE-215

Summary: The ASP.NET Trace Viewer (trace.axd) was found to be available. This component can leak a significant amount of valuable information.

Solution: Consider whether or not Trace Viewer is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization.

References

https://msdn.microsoft.com/en-us/library/bb386420.aspx

https://msdn.microsoft.com/en-us/library/wwh16c6c.aspx

https://www.dotnetperls.com/trace

Free online web security scanner

Don't show website scan report rating on the leaderboard