Vendor services misconfigurations

‘Remote debugging’ setting isn’t disabled on your app service

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Using remote debugging configuration, you can connect Visual Studio to your own Azure application/function and gain full control on it. This configuration is supported for Python, ASP.NET, ASP.NET Core, or Node.js apps. In case an attacker will gain access to your app and will use remote debugging state abilities, there could be severe consequences following that.
  • Recommended Mitigation

    Under Configuration -> General settings, set 'Remote debugging' to 'Off'