CSWeb security vulnerability

Posted: October 4th, 2023, 4:21 am
by Iulian
Hi,

We are getting the following flagged by our security team:

The CSWeb application has an improper error handling vulnerability - details relating to the error, Web asset, or server should never be disclosed to public users as it gives malicious actors insight and information about potential flaws that they could use to launch more targeted attacks.

In the next release would it be possible to define and use a global error handler that returns a standard and generic error message across all error cases? The message should not reveal any specific information about the error or the Web asset.

Thanks in advance!

Re: CSWeb security vulnerability

Posted: October 5th, 2023, 7:42 pm
by savy
This is not a result of not handling the error. The error was being handled and the message displayed the API response error. We will fix the message to show a user-friendly message in the next version.
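
The global handler requested in the first post, as an added example that is not CSWeb code and not written by either poster. It assumes a PHP server side; the function names and the JSON shape are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not CSWeb code; function names and the JSON shape are hypothetical.

/** Build the only error body a client ever sees, and log the detail server-side. */
function genericErrorResponse(Throwable $e, ?callable $log = null): array
{
    $log = $log ?? 'error_log';
    // Random reference lets support match a user report to the log entry.
    $ref = bin2hex(random_bytes(8));
    $log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    // Same status and text for every failure: no class names, paths, SQL or versions.
    return [
        'status' => 500,
        'body'   => ['error' => 'An unexpected error occurred.', 'reference' => $ref],
    ];
}

/** Register as the last-resort handler for anything the application did not catch. */
function registerGlobalErrorHandler(): void
{
    ini_set('display_errors', '0'); // never render PHP errors into the response
    // Promote warnings and notices to exceptions so they take the same path.
    set_error_handler(static function (int $no, string $msg, string $file, int $line): bool {
        if (!(error_reporting() & $no)) {
            return false; // respect the configured error_reporting level
        }
        throw new ErrorException($msg, 0, $no, $file, $line);
    });
    set_exception_handler(static function (Throwable $e): void {
        $r = genericErrorResponse($e);
        if (!headers_sent()) {
            http_response_code($r['status']);
            header('Content-Type: application/json');
        }
        echo json_encode($r['body']);
    });
}
```

Because the response body is generic at the source, a front end that displays the API error as-is has nothing sensitive to show; the reference value is the only link back to the logged detail.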