Description: An attacker, by triggering an application error, can be presented with a detailed Whoops error page. This page reveals sensitive information such as application file paths, source code snippets, variable values (including potentially credentials, API keys, user data), server environment variables, and included files. This information allows deep insights into the application's workings and sensitive data.
Impact:
- Confidentiality Breach: Exposure of sensitive application data and configuration details.
- Increased Attack Surface: Detailed information significantly aids attackers in identifying and exploiting other vulnerabilities.
- Privilege Escalation: Exposed credentials could lead to unauthorized access.
- Reputation Damage: Public disclosure of sensitive information and security misconfiguration.
Whoops Component Affected: PrettyPageHandler, Run class (core error handling and rendering).
Risk Severity: Critical (in production environments) / High (in publicly accessible non-production environments).
Mitigation Strategies:
- Disable Whoops in Production: Ensure Whoops is completely disabled in production environments using environment variables or configuration settings.
- Environment-Based Conditional Loading: Load and register Whoops error handler only in development environments.
- Strict Configuration Management: Maintain separate configurations for development, staging, and production, ensuring Whoops is disabled in production.
- Code Reviews and Testing: Verify in code reviews and testing that Whoops is disabled in production configurations.
- Regular Security Audits: Periodically audit configurations to confirm Whoops is not enabled in production.
Description: Whoops error pages inadvertently disclose security-relevant configuration details about the application and server environment. This includes server paths, software versions, internal network paths, and potentially details about the underlying operating system. Attackers can use this information to understand the technology stack, identify known vulnerabilities, and tailor attacks.
Impact:
- Security Misconfiguration Exploitation: Attackers can leverage disclosed configuration details to identify and exploit other vulnerabilities in the application or infrastructure.
- Increased Reconnaissance: Reduces attacker effort in gathering information about the target system.
- Targeted Attacks: Enables attackers to craft more precise and effective attacks based on the revealed environment.
Whoops Component Affected: PrettyPageHandler, Run class (information gathering and display).
Risk Severity: High (in production environments).
Mitigation Strategies:
- Disable Whoops in Production: Primary mitigation, preventing exposure of error details.
- Environment-Based Conditional Loading: Limit Whoops to development environments.
- Strict Configuration Management: Ensure consistent and secure configurations across environments.
- Regular Security Audits: Verify configurations and identify potential misconfigurations.
- Minimize Information in Error Messages (Indirect): While Whoops is designed to be verbose, review application code to avoid accidentally logging overly sensitive configuration details in variables that might be caught by Whoops.