What is System Information Leak And How To Fix It

System Information Leak

System Information Leak

Description: When applications through detailed error messages or printstacktrace during the execution of a program then that application is considered to be vulnerable to system information leak.

Impact: An adversary could take advantage of system information leak and plan for an attack on the application.

 

How To Fix:

  1. Ensure that the applications do not use PrintStackTrace() method that throws detailed error message to the user
  2. Make sure that the application has implemented appropriate try and catch blocks to avoid any leakage of error messages
  3. Ensure that the application is configured to throw generic error messages in case of an error to hide error details.