ASP.NET Trace.AXD Information Leak

An ASP.NET Trace.AXD file was discovered.

  • logs
  • asp
  • exposure

ASP.NET Trace AXD files store information about the processing of requests. These files are used by the Microsoft ASP.NET Request Model (RM) package and are typically stored in the web application root directory.


An attacker may be able to retrieve sensitive information, such as cfguri, application keys, session ids and the producer key, a kind of certificate used to prevent false-flagging requests.


Unless you require high resolution trace files destroyed by running them trough a sanitising tool. It is recommended to remove the Trace.AXD files to ensure that they are no longer accessible.

Was this page helpful?