Hi all,
We have been audited (pen test) and they identified few security vulnerabilities.
One of them is that tracing is enabled on our ADFS 3.0 servers and that we should disbale it.
On IIS disabling tracing is easy, you have just to add a line to the web.config file.
But with ADFS 3.0, http.sys is used on behalf of IIS and i can find nothing regarding this information.
Any idea from the great community ??