ASP.NET WCF service include exception details

Description

This web application is configured with the serviceDebug property includeExceptionDetailInFaults set to true. When configured this way, the WCF service will disclose exception details to clients.

Remediation

It's recommended to disable showing exception details to clients by setting the <strong>serviceDebug</strong> property <strong>includeExceptionDetailInFaults</strong> set to <strong>false</strong>. <pre> &lt;serviceDebug includeExceptionDetailInFaults=&quot;false&quot; /&gt; </pre>

References

Related Vulnerabilities