
Information Disclosure – Application Configuration Data #10125


KieranIrl created

Version: 10.2.0

Hi there. We were recently pen tested. They failed us on this:

"When an unauthenticated user browses to https://xxxx.xxx.net/, a request is automatically triggered to https://xxxx.xxx.net/AbpUserConfiguration/GetAll and contains information about the application"

Is there a way for us to hide/block access to this endpoint, AbpUserConfiguration/GetAll, as it contains a lot of data useful in the wrong hands?

Thank you


1 Answer(s)