Debug mode

Description

When developers leave debug mode turned on, attackers can gather valuable information from excessive error reporting, such as entire stack traces or tracebacks.

Remediation

Disable debug mode.
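
One way to confirm the remediation is to scan captured error responses for stack-trace signatures, as in this added example (not Escape's own detection logic). The signature list, function names and sample response bodies are assumptions constructed for illustration and are not exhaustive.

```python
import re

# Illustrative signatures of verbose error output (assumed for this example).
DEBUG_SIGNATURES = {
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "java_stack_trace": re.compile(r"^\s+at [\w.$]+\([\w$]+\.java:\d+\)", re.M),
    "php_error": re.compile(r"(Fatal error|Warning|Notice): .+ in .+ on line \d+"),
    "node_stack_trace": re.compile(r"^\s+at .+\.js:\d+:\d+\)?$", re.M),
}


def find_debug_leaks(body):
    """Return the sorted names of all signatures found in a response body."""
    return sorted(name for name, rx in DEBUG_SIGNATURES.items() if rx.search(body))


def audit(responses):
    """Map each endpoint to the signatures it leaks; clean endpoints are omitted."""
    findings = {}
    for endpoint, body in responses.items():
        hits = find_debug_leaks(body)
        if hits:
            findings[endpoint] = hits
    return findings


# Constructed sample bodies, as they might be captured from a staging run.
SAMPLE_RESPONSES = {
    "/api/orders/abc": (
        '{"error": "Traceback (most recent call last):\\n'
        '  File \\"/srv/app/views.py\\", line 42, in get_order\\n'
        'ValueError: invalid literal for int()"}'
    ),
    "/api/users/7": (
        "java.lang.NullPointerException\n"
        "\tat com.example.UserService.find(UserService.java:57)\n"
    ),
    # What the same failure should look like once debug mode is disabled.
    "/api/health": '{"error": "internal_error", "request_id": "constructed-0001"}',
}

if __name__ == "__main__":
    for endpoint, hits in audit(SAMPLE_RESPONSES).items():
        print(f"{endpoint}: debug output detected ({', '.join(hits)})")
```
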

Configuration

Identifier: information_disclosure/debug_mode

Examples

Ignore this check

{
  "checks": {
    "information_disclosure/debug_mode": {
      "skip": true
    }
  }
}

Score

  • Escape Severity: LOW
    • OWASP: API7:2023
    • PCI DSS: 6.5.5
    • CWE
      • 200
      • 215
      • 489
      • 668
      • 1258
      • 1295
    • WASC: WASC-14

CVSS

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
  • CVSS_SCORE: 5.1