About
ASP.NET debugging is enabled on the host.
An attacker can send debug statements to the remote ASP scripts.
Impact – Minimal
It may be possible to disclose sensitive information about the Web sever and the ASP.NET application. Enabling DEBUG can also have serious implications on the performance of the Web site.
Solution
- Open the Web.config file in a text editor such as Notepad.exe. Web.config file is typically located in the application directory.
- In the Web.config file, locate the compilation element. Debugging is enabled when the debug attribute in the compilation element is set to true.
- Modify the debug attribute to false, and then save the Web.config file to disable debugging for that application.The following code sample shows the compilation element with debug set to false:
<compilation
debug="false"
/>