Rails Debug Mode Enabled

By
Sooraj V Nair
Published on
20 Dec 2021
Vulnerability

Description

Ruby on Rails web application is running in development mode. The target web server is disclosing some system information data on the HTTP response. When generating a Ruby on Rails application, it will create three environments: development, production and test. In development mode, Rails is not secure; it leaks a lot of sensitive information about the application internals.Also it enables extra debugging behaviors that assist developers, as well as attackers.

An attacker can get information such as:

  • Middleware
  • Application root

This information might help an attacker gain more information and potentially to focus on the development of further attacks to the target system.

Recommendation

Configure rails application to run in production mode. Using the following command.

rails server -e production

Change config/application.rb file to disable development mode.

config.consider_all_requests_local=false

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment