When debug="true" is enabled in the <compilation> element of the Web.config file, the application generates debug binaries. This may expose sensitive information and negatively impact performance and security.
<system.web>
<compilation debug="true" targetFramework="4.8" />
</system.web>
This issue affects multiple xConnect service roles, including:
This configuration has been identified as a security vulnerability related to CWE-11: ASP.NET Misconfiguration: Creating Debug Binary. The issue has also been identified as a bug. To track the future status of this bug report, please use reference number PDXP-28475. More information about public reference numbers can be found here: How to use public reference numbers
For all affected xConnect service roles, ensure that debug mode is disabled in the <compilation> element of the Web.config file:
<system.web>
<compilation debug="false" targetFramework="4.8" />
</system.web>