Generation of Error Message Containing Sensitive Information

| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-209: Generation of Error Message Containing Sensitive Information |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |

Description
The application is configured to show detailed stack traces to users even outside of a development environment. This exposes sensitive debug information that should not be visible in production.
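
The flagged configuration beside a corrected one, as an added example that is not part of the original rule page. It assumes an ASP.NET Core 6+ minimal-hosting application; the `/boom` route and the `UnhandledException` logger category are constructed for illustration.

```csharp
// Added example; assumes ASP.NET Core 6+ minimal hosting (an assumption, not stated on the page).
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Flagged pattern: the developer exception page is enabled unconditionally,
// so every environment returns stack traces and request details to the client.
// app.UseDeveloperExceptionPage();

// Corrected: the detailed page is limited to Development. Everywhere else a
// generic handler logs the exception server-side and returns only an opaque
// trace identifier that support staff can correlate with the log entry.
if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler(errorApp => errorApp.Run(async context =>
    {
        var feature = context.Features.Get<IExceptionHandlerFeature>();
        var logger = context.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("UnhandledException"); // hypothetical category name

        // Full exception (type, message, stack trace) goes to the log only.
        logger.LogError(feature?.Error, "Unhandled exception, trace {TraceId}",
            context.TraceIdentifier);

        // The client sees a fixed message with no exception text.
        context.Response.StatusCode = StatusCodes.Status500InternalServerError;
        await context.Response.WriteAsJsonAsync(new
        {
            error = "An unexpected error occurred.",
            traceId = context.TraceIdentifier
        });
    }));
}

// Constructed route that always throws, to exercise both branches.
app.MapGet("/boom", string () => throw new InvalidOperationException("constructed failure"));

app.Run();
```

Running with `ASPNETCORE_ENVIRONMENT=Production` and requesting `/boom` should return only the generic JSON body, while the stack trace appears in the server log.
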
Impact
If exploited, attackers can view internal error details that may reveal information about the application’s structure, technologies, or vulnerabilities. This information can aid in further attacks, increase the risk of data exposure, and damage the organization’s security posture.