Hide ImageGen version
Hello,
We recently had a PenTest on our Umbraco 6.1.6 website on which we use ImageGen Pro version 2.9.0.30864.
"It was observed that the tested website discloses information about its configuration and components' versions. This provides information to an attacker about the underlying platform and technologies that could have otherwise been unknown: ImageGen Professional version disclosure."
Kinda silly, I know, but... is there a way to hide all the ImageGen version stuff? We already have <HideDomains>true</HideDomains> in the config.
Cheers! :)
Hi, Franz,
Sorry, there isn't a way to display no information at all from ImageGen.
You might consider a urlrewrite rule or router rule that disallows requests to ImageGen.ashx?version from any outside IP address.
cheers,
doug.
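A sketch of the rewrite rule suggested above, added as an example; it is not part of the original thread and is not ImageGen's own configuration. It assumes the IIS URL Rewrite module is installed, that ImageGen.ashx is served from the site root, and that 10.0.0.x is the internal range (a constructed placeholder).

```xml
<!-- Added example: goes inside <configuration> in the site's web.config. -->
<system.webServer>
  <rewrite>
    <rules>
      <!-- Return 404 for ImageGen.ashx?version unless the client is internal. -->
      <rule name="Block external ImageGen version query" stopProcessing="true">
        <!-- Assumption: the handler lives at the site root. -->
        <match url="^ImageGen\.ashx$" ignoreCase="true" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
          <!-- "version" as a query-string key, with or without a value. -->
          <add input="{QUERY_STRING}"
               pattern="(^|&amp;)version(=|&amp;|$)"
               ignoreCase="true" />
          <!-- Not loopback and not the internal range (placeholder). -->
          <add input="{REMOTE_ADDR}"
               pattern="^(127\.0\.0\.1|::1|10\.0\.0\.\d{1,3})$"
               negate="true" />
        </conditions>
        <!-- A plain 404 avoids confirming that the handler exists. -->
        <action type="CustomResponse"
                statusCode="404"
                statusReason="Not Found"
                statusDescription="Not Found" />
      </rule>
    </rules>
  </rewrite>
</system.webServer>
```

If the site sits behind a load balancer or reverse proxy, `{REMOTE_ADDR}` is the proxy's address, so the second condition has to test the forwarded client address instead.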
Thanks Doug! :)