ASP.NET Trace.AXD Information Leak

ASP.NET Trace AXD files store information about the processing of requests. These files are used by the Microsoft ASP.NET Request Model (RM) package and are typically stored in the web application root directory.

Impact

An attacker may be able to retrieve sensitive information, such as cfguri, application keys, session ids and the producer key, a kind of certificate used to prevent false-flagging requests.

Solution

Unless you require high resolution trace files destroyed by running them trough a sanitising tool. It is recommended to remove the Trace.AXD files to ensure that they are no longer accessible.