Forum Discussion
Security Vulnerability Issues found in SharePoint 2016 site
One of our client facing follow issues:
They are running a tool to check security vulnerability across the site created using SharePoint 2016. After the run, they sent us following issues generated by their tool.
1. Unencrypted view state in ASP.NET 2.0 could leak sensitive information
2. Application error message
3. Predictable resource location
4. Clickjacking - X-Frame-Options header is not set
5. Email Address Found
6. Programming language name and version disclosure
7. Web server version disclosure
8. Possible Physical Path disclosure.
Therefore, I would like to ask to all the SharePoint expert out there what will be the solutions for these issues and does that have any impact on the site.
3 Replies
- Is the SharePoint site internal or externally accessible? ie is it available on the internet?
- It is available on the internet ( i.e. public ).
- There is too little information here to take action on. Various security scanning tools are deficient in terms of scanning SharePoint sites, which have some unique requirements. Many of these "issues" cannot be corrected.
Expand on the issue with each bullet point, if you could.
