C-sharp : Information leak: SignalR
Classification
OWASP Top 10 2013
OWASP Top 10 2017
PCI DSS 4.0
CWE/SANS Top 25 2021
Overview
The application may leak system configuration information, which can help an attacker plan an attack.
Automatically generated JavaScript proxy files can leak information about the system, because they list every method exposed by the hubs.
If you do not want every user to receive a JavaScript proxy file that includes all hubs and methods, you can disable automatic generation of the file. Do this when the application has multiple hubs and methods and you do not want every user to be aware of all of them.
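The configuration change described above, as an added example that is not from the original page or from the SignalR project. It assumes ASP.NET SignalR 2.x hosted through OWIN; `SampleApp`, `ReportsHub` and `GetStatus` are hypothetical names.

```csharp
using Microsoft.AspNet.SignalR;
using Microsoft.Owin;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]

namespace SampleApp // hypothetical application namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Weak (default) form: app.MapSignalR();
            // With the defaults, the generated proxy script is served from
            // the SignalR endpoint and lists every hub and public hub method.

            // Corrected form: turn off proxy generation explicitly.
            var hubConfiguration = new HubConfiguration
            {
                EnableJavaScriptProxies = false
            };
            app.MapSignalR(hubConfiguration);
        }
    }

    // Disabling the proxy only stops the method list from being published.
    // Hub methods stay callable by name, so access control still has to be
    // enforced on the hub itself.
    [Authorize]
    public class ReportsHub : Hub // hypothetical hub
    {
        public string GetStatus()
        {
            return "ok";
        }
    }
}
```

With generation disabled, JavaScript clients can no longer rely on the generated script and must create each hub proxy by name with `connection.createHubProxy(...)`.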
References
- OWASP Top 10 2013-A5-Security Misconfiguration
- Introduction to SignalR Security
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- OWASP Top 10 2017-A6-Security Misconfiguration
- CWE-497
- CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-209: Generation of Error Message Containing Sensitive Information
DerScanner Severity Score: LOW
