What is System Information Leak And How To Fix It




System Information Leak

Description: When applications throw detailed error messages or printstacktrace during the execution of a program then that application is considered to be vulnerable to system information leak.

Impact: An adversary could take advantage of system information leak and plan for an attack on the application.

How To Fix:

  1. Ensure that the applications do not use PrintStackTrace() method that throws detailed error message to the user
  2. Make sure that the application has implemented appropriate try and catch blocks to avoid any leakage of error messages
  3. Ensure that the application is configured to throw generic error messages in case of an error to hide error details.