Information Disclosure - Error Messages

Vulnerability Details

The application displays detailed error messages containing sensitive technical information that could aid attackers.

Error messages revealing stack traces, database queries, file paths, or version information help attackers understand the system and plan further attacks.

Implement custom error pages that do not reveal technical details. Log detailed errors server-side only. Use generic user-facing error messages. Review error handling across the application.

• https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling