Hi,
We are getting the following flagged by our security team:
The CSWeb application has an improper error handling vulnerability - details relating to the error, Web asset, or server should never be disclosed to public users as it gives malicious actors insight and information about potential flaws that they could use to launch more targeted attacks.
In the next release would it be possible to define and use a global error handler that returns a standard and generic error message across all error cases? The message should not reveal any specific information about the error or the Web asset.
Thanks in advance!
CSWeb security vulnerability
Re: CSWeb security vulnerability
This is not a result of not handling the error. The error was being handled and the message displayed the API response error. We will fix the message to show a user-friendly message in the next version.