Rails Debug Mode Enabled

By
Sooraj V Nair
Published on
20 Dec 2021
Vulnerability

Description

Ruby on Rails web application is running in development mode. The target web server is disclosing some system information data on the HTTP response. When generating a Ruby on Rails application, it will create three environments: development, production and test. In development mode, Rails is not secure; it leaks a lot of sensitive information about the application internals.Also it enables extra debugging behaviors that assist developers, as well as attackers.

An attacker can get information such as:

  • Middleware
  • Application root

This information might help an attacker gain more information and potentially to focus on the development of further attacks to the target system.

Recommendation

Configure rails application to run in production mode. Using the following command.

rails server -e production

Change config/application.rb file to disable development mode.

config.consider_all_requests_local=false


Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days