Debug mode

Description

When Debug mode is left turned on by developers, it allows attackers to gather precious information from excessive error reporting messages such as entire stack traces or tracebacks.

Remediation

Disabled Debug mode.

Configuration

CheckId: information_disclosure/debug_mode

Examples

Ignoring this check

{
    "checks": {
        "information_disclosure/debug_mode": {
            "skip": true
        }
    }
}

Score

Escape Severity: MEDIUM
OWASP: A07:2023
PCI DSS: 6.5.5
CWE
- 200
- 215
- 489
- 668
- 1258
- 1295
WASC: 14

CVSS

CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
CVSS_SCORE: 5.1

References

https://www.infosecmatter.com/bug-bounty-tips-8-oct-14/#4-graphql-notes-for-beginners

Debug mode

Description​

Remediation​

Configuration​

Examples​

Ignoring this check​

Score​

CVSS​

References​