Netsparker detected a possible ASP.NET configuration file (
web.configfile, database connection strings, username and passwords, the internal workings, used and referenced libraries and business logic of application might be revealed. With such information, an attacker can mount the following types of attacks:
web.configfile is actually the web application's
web.configfile, change your configuration to prevent public users from accessing it. If it is not, then remove it from the web server.