Security Vulnerability (severity: medium)

Information Disclosure

Information disclosure occurs when applications reveal sensitive information through error messages, debug output, or metadata that attackers can use for reconnaissance.


What is Information Disclosure?

Applications often leak information that helps attackers understand the system - stack traces revealing framework versions, error messages exposing database structure, headers showing server software, or API responses including internal IDs. This information aids in crafting targeted attacks.

How It Happens

  • Verbose error messages in production
  • Stack traces exposed to users
  • Debug mode enabled in production
  • Server version headers not removed
  • Internal IDs in API responses

Impact

  • Easier vulnerability discovery for attackers
  • Database structure revelation
  • Technology stack identification
  • Internal path and configuration exposure

How to Detect

  • Trigger errors and examine responses
  • Check response headers for version info
  • Look for stack traces in error pages
  • Run VAS to detect information leakage
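The checks in the list above can be automated against captured responses. The following is an added example, not code from the original page or from VAS: a small checker that flags version-revealing headers and stack-trace or raw database-error patterns in a response body. The header list, the regexes, and the two sample responses are constructed for illustration; a real scanner would carry a much larger signature set.

```javascript
// Added example (not from the original page or from VAS): flag information
// leakage in an HTTP response. Header names and patterns below are assumptions.

// Headers that commonly carry server or framework identity/version strings.
const VERSION_HEADERS = [
  'server', 'x-powered-by', 'x-aspnet-version',
  'x-aspnetmvc-version', 'x-runtime', 'x-generator',
];

// Body patterns typical of stack traces, raw database errors and file paths.
const LEAK_PATTERNS = [
  { name: 'node-stack-trace', re: /^\s+at\s+\S+\s+\(.*:\d+:\d+\)/m },
  { name: 'java-stack-trace', re: /^\s+at\s+[\w$.]+\([\w$]+\.java:\d+\)/m },
  { name: 'python-traceback', re: /Traceback \(most recent call last\)/ },
  { name: 'php-error', re: /(Fatal error|Warning|Notice):.* in \/.+ on line \d+/ },
  { name: 'sql-error', re: /(PostgreSQL|MySQL|SQLSTATE|ORA-\d{5}|syntax error at or near|column .+ (does not exist|not found))/i },
  { name: 'filesystem-path', re: /(\/(home|var|usr|opt|srv)\/[\w./-]+|[A-Z]:\\[\w\\. -]+)/ },
];

// Returns a list of findings ({ kind, detail }) for one response object of the
// shape { status, headers, body }. Header names are matched case-insensitively.
function findLeaks(response) {
  const findings = [];
  for (const [name, value] of Object.entries(response.headers || {})) {
    const lower = name.toLowerCase();
    if (VERSION_HEADERS.includes(lower) && /\d/.test(value)) {
      // A digit in one of these headers almost always means a version string.
      findings.push({ kind: 'version-header', detail: `${lower}: ${value}` });
    } else if (lower === 'x-powered-by') {
      // Even without a version, X-Powered-By names the framework.
      findings.push({ kind: 'technology-header', detail: `${lower}: ${value}` });
    }
  }
  const body = typeof response.body === 'string'
    ? response.body
    : JSON.stringify(response.body ?? '');
  for (const { name, re } of LEAK_PATTERNS) {
    const m = body.match(re);
    if (m) findings.push({ kind: name, detail: m[0].slice(0, 120) });
  }
  return findings;
}

// Constructed sample: a verbose 500 page of the kind this article warns about.
const leakyResponse = {
  status: 500,
  headers: {
    'Server': 'Apache/2.4.41 (Ubuntu)',
    'X-Powered-By': 'Express',
    'Content-Type': 'text/html',
  },
  body: 'Error: column "user_id" does not exist\n' +
        '    at Query.handleError (/srv/app/node_modules/pg/lib/query.js:128:13)',
};

// Constructed sample: the same failure after the fixes described below.
const hardenedResponse = {
  status: 500,
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ error: 'An error occurred. Please try again.', requestId: 'c1f3e2a0' }),
};

console.log(findLeaks(leakyResponse));    // five findings
console.log(findLeaks(hardenedResponse)); // []
```

Run it over responses recorded while deliberately triggering errors in a test environment (invalid parameters, missing resources, oversized input) and treat any finding as a regression to fix before release.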

How to Fix

Use generic error messages

Don't expose internal details to users.

// BAD
return res.status(500).json({
  error: "PostgreSQL error: column 'user_id' not found in table 'users'"
});

// GOOD
return res.status(500).json({
  error: "An error occurred. Please try again."
});

Disable debug mode in production

Ensure debugging features are off.

// Next.js - check NODE_ENV
if (process.env.NODE_ENV === 'production') {
  // Production settings
}
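The two fixes above (generic client messages, and detail only outside production) are usually implemented together in one central error handler. The following is an added example, not code from the original page: an Express-style error middleware that logs the full error server-side under a request ID, returns the generic message to the client, and attaches the stack only when NODE_ENV is not "production". The names `buildErrorResponse`, `errorHandler` and the `logger` parameter are chosen here; the sample error is constructed.

```javascript
// Added example (not from the original page): centralised error handling that
// keeps details in the server log and returns a generic body to the client.
// buildErrorResponse/errorHandler are names chosen for this example.

const GENERIC_MESSAGE = 'An error occurred. Please try again.';

// Cheap request ID so the example runs stand-alone; a real service would use
// the ID from its request logging middleware or crypto.randomUUID().
function newRequestId() {
  return Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
}

// Pure function: decides what the client may see and what the log records.
// Details are echoed only when env is not 'production'.
function buildErrorResponse(err, { env = process.env.NODE_ENV, requestId } = {}) {
  const isProduction = env === 'production';
  const id = requestId || newRequestId();

  // Server-side record carries everything, keyed by the same ID the client
  // receives, so a user report can be matched to the log line.
  const logRecord = {
    requestId: id,
    name: err && err.name,
    message: err && err.message,
    stack: err && err.stack,
  };

  // Client body: never the driver message, never the stack, in production.
  const body = { error: GENERIC_MESSAGE, requestId: id };
  if (!isProduction) {
    body.debug = { message: err.message, stack: err.stack };
  }
  return { status: 500, body, logRecord };
}

// Express error middleware (must keep the four-argument signature so Express
// recognises it as an error handler, even though `next` is unused here).
function errorHandler(logger = console) {
  return function (err, req, res, next) { // eslint-disable-line no-unused-vars
    const { status, body, logRecord } = buildErrorResponse(err, {
      requestId: req.headers && req.headers['x-request-id'],
    });
    logger.error(logRecord);
    res.status(status).json(body);
  };
}

// Constructed sample: the kind of error a database driver throws, which the
// BAD snippet above would have forwarded to the client verbatim.
const sampleDbError = new Error("column 'user_id' not found in table 'users'");
sampleDbError.name = 'PostgreSQLError';

console.log(buildErrorResponse(sampleDbError, { env: 'production', requestId: 'demo' }).body);
// { error: 'An error occurred. Please try again.', requestId: 'demo' }
```

Register the handler last, after all routes (`app.use(errorHandler())`), so every thrown or `next(err)`-forwarded error passes through it instead of Express's default HTML error page, which includes the stack outside production.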

Remove version headers

Hide technology information from responses.

// Next.js
module.exports = {
  poweredByHeader: false,
}

Is Your App Vulnerable?

VAS automatically scans for information disclosure and provides detailed remediation guidance.

