Elmah.axd is publicly accessible and leaking Error Log for ROOT on █████_PRD_WEB1 █████████elmah.axd
Medium
## Vulnerability Details
**Description:**
Hello Security team, hope you are doing well. I found out that elmah.axd is publicly accessible on ████████, which is leaking an error log that contains cookies, server code, etc.
## Step-by-step Reproduction Instructions
1. Go to ██████elmah.axd and you will see the error logs.
2. Same issue on █████████/elmah.axd
## Suggested Mitigation/Remediation Action:
Implement proper authentication on elmah.axd or forbid access to it. For reference:
https://blog.elmah.io/elmah-security-and-allowremoteaccess-explained/
https://elmah.github.io/a/securing-error-log-pages/
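The two references above describe the same two controls: ELMAH's own `allowRemoteAccess` switch, and ASP.NET URL authorization on the handler path. The web.config fragment below is an added example written for this report, not configuration taken from the affected application or from the ELMAH project; it assumes a classic ASP.NET (System.Web) site running in the IIS integrated pipeline, and the role name `OpsAdmins` is an assumed placeholder for whatever role should be allowed to read the error log.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <sectionGroup name="elmah">
      <!-- Registers the <elmah><security> section used below. -->
      <section name="security" requirePermission="false"
               type="Elmah.SecuritySectionHandler, Elmah" />
    </sectionGroup>
  </configSections>

  <elmah>
    <!-- WEAK (the condition reported here): allowRemoteAccess="true" lets any
         client on the internet open elmah.axd and read the stored errors,
         including request headers such as Cookie.
         <security allowRemoteAccess="true" /> -->

    <!-- HARDENED: only requests originating on the server itself may reach the
         error log page. ELMAH's default for this attribute is already false,
         so an exposed log usually means someone set it to true. -->
    <security allowRemoteAccess="false" />
  </elmah>

  <!-- Defence in depth: even if remote access is re-enabled later, require an
       authenticated user in an operations role before the handler is reached.
       "OpsAdmins" is an assumed role name for this example. -->
  <location path="elmah.axd">
    <system.web>
      <authorization>
        <allow roles="OpsAdmins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <system.webServer>
    <handlers>
      <!-- Standard ELMAH handler registration for the integrated pipeline;
           the <location> rule above applies to this path. -->
      <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd"
           type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>
```

After deploying, confirm the fix from a host outside the server: an unauthenticated request to `/elmah.axd` should now return 403 (or a redirect to the login page), and the same check should be repeated on every hostname the report lists, since ELMAH is configured per application rather than per server.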
## Impact
An attacker can get access to any employee account using the cookies found in the error log, and can also dump endpoints.
Please find the PoC attached, and if you need more information, please let me know.
Best Regards,
Rudra16
## Report Stats
- Report ID: 962753
- State: Closed
- Substate: resolved
- Upvotes: 10