VariantDraft

CWE-11ASP.NET Misconfiguration: Creating Debug Binary

Category: config

Description

Debugging messages help attackers learn about the system and plan a form of attack. ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.

Common consequences· 1

  • Confidentiality — Read Application Data
    Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application.

Potential mitigations· 1

  • [System Configuration]Avoid releasing debug binaries into the production environment. Change the debug mode to false when the application is deployed into production.

References

  1. https://cwe.mitre.org/data/definitions/11.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
ASP.NET Misconfiguration: Missing Custom Error Page
CWE
ASP.NET Misconfiguration: Password in Configuration File
CWE
ASP.NET Misconfiguration: Use of Identity Impersonation
CWE
ASP.NET Misconfiguration: Improper Model Validation
CWE
ASP.NET Misconfiguration: Not Using Input Validation Framework
CWE
.NET Misconfiguration: Use of Impersonation
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.