Description
Cytrix has detected that the “ASP.NET debugging” option is enabled. ASP.NET allows web applications to be debugged remotely if it is configured to do so.
By default, debugging is subject to access control and requires authentication at the platform level.
If an attacker can successfully initiate and perform a remote debugging session, it may expose sensitive information about the application and its supporting infrastructure.
That information might be useful to the attacker in creating targeted attacks on the system.
Severity/Score
Average Score – 5.3 Medium
Recommendation
Make sure that all of the “DEBUG” statements are disabled or can be used only by those who are authorized to do so.
References
https://cwe.mitre.org/data/definitions/11.html
https://cwe.mitre.org/data/definitions/489.html