CWE-200: Information Exposure, trk.tidaltv.com

CWE-200: Information Exposure | Vulnerability Crawler Report

Report generated by CloudScan Vulnerability Crawler at Sat Feb 12 15:34:37 CST 2011.

The DORK Report

Loading

1. ASP.NET tracing enabled


1. ASP.NET tracing enabled

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Issue background

ASP.NET tracing is a debugging feature which is designed for use during development to help troubleshoot problems. It discloses sensitive information to users, and if enabled in production contexts may present a serious security threat.

Application-level tracing enables any user to retrieve full details about recent requests to the application, including those of other users. This information includes session tokens and request parameters, which may enable an attacker to compromise other users and even take control of the entire application.

Page-level tracing returns the same information, but relating only to the current request. This may still contain sensitive data in session and server variables which would be of use to an attacker.

Issue remediation

To disable tracing, open the Web.config file for the application, and find the <trace> element within the <system.web> section. Either set the enabled attribute to "false" (to disable tracing) or set the localOnly attribute to "true" (to enable tracing only on the server itself).

Note that even with tracing disabled in this way, it is possible for individual pages to turn on page-level tracing either within the Page directive of the ASP.NET page, or programmatically through application code. If you observe tracing output only on some application pages, you should review the page source and the code behind, to find the reason why tracing is occurring.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

GET /trace.axd HTTP/1.0
Host: trk.tidaltv.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 12 Feb 2011 19:58:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9791

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" border="0" width="100%">
...[SNIP]...
Report generated by CloudScan Vulnerability Crawler at Sat Feb 12 15:34:37 CST 2011.