My IA department has run a security can on our MVC application and the following error was displayed: Information disclosure vulnerabilities are leaks of information from an application which are used by the attacker to perform a malicious attack against the application.
Applications should not disclose information not required for the transaction (e.g. a web application should not divulge the fact there is a SQL server database and it's version) This provides attackers additional information which they can use to find other attack avenues, or tailor specific attacks, on the application.
The designer will ensure the application does not disclose unnecessary information the users.
I am new to IA application security fixes so any recommendations would be great!
Thanks,
Steve Holdorf