ASP.NET Trace.AXD Information Leak
An ASP.NET Trace.AXD file was discovered.
- logs
- asp
- exposure
ASP.NET Trace AXD files store information about the processing of requests. These files are used by the Microsoft ASP.NET Request Model (RM) package and are typically stored in the web application root directory.
Impact
An attacker may be able to retrieve sensitive information, such as cfguri, application keys, session ids and the producer key, a kind of certificate used to prevent false-flagging requests.
Solution
Unless you require high resolution trace files destroyed by running them trough a sanitising tool. It is recommended to remove the Trace.AXD files to ensure that they are no longer accessible.
Was this page helpful?