If ELMAH is not properly configured elmah.axd file can allows attackers to gain information about the application.
ELMAH (Error Logging Modules and Handlers) is a powerful, free tool an application-wide error logging facility that is completely pluggable. But, it is configured improperly on target website, and that allows attackers to gain information about the application.
An attacker can obtain information such as:
This means that the attacker can hijack any active user's session by using their session details.
It should be removed or access restriction should be applied.