Security Audit 2023

The text below is a summary of the security audit performed by Néosoft. You can also download the full report.

...

  • The cookies used by the main application do not have a configured "SameSite" security attribute.
    The "SameSite" attribute helps mitigate the risks associated with Cross-Site Request Forgery (CSRF) attacks. In this case, the absence of this protection makes the application more vulnerable to potential CSRF attacks.
    Likelihood: 1 (Low)
    Potential impact: 1 (Low)
    Note: This point cannot be corrected at the moment. Keycloak, the external authentication provider, cannot work with this cookie attribute and therefore does not support it, because the OAuth authentication (Keycloak) uses the cookie for authentication across all our websites (cf. the explanation by the Keycloak team). As this issue is associated with a very low criticality, it was decided to rate it as a false positive.
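
One way to check response cookies for this finding, as an added example that is not part of the audit report or the application's code. The cookie names and header values are constructed placeholders, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers for the SameSite attribute (constructed sample data)."""

# Constructed response headers; cookie names and values are placeholders.
SAMPLE_HEADERS = [
    "APP_SESSION=abc123; Path=/; Secure; HttpOnly",
    "PREFS=dark; Path=/; SameSite=Lax",
    "SSO_SESSION=def456; Path=/auth; Secure; HttpOnly; SameSite=None",
    "TRACK=xyz; Path=/; SameSite=None",
    "LEGACY=1; Path=/; SameSite=Bogus",
]

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()  # flags map to ""
    return name, attrs


def audit_cookie(header):
    """Return (name, finding) where finding is 'ok' or a short reason."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite")
    if samesite is None:
        # No explicit policy: behaviour depends on each browser's default.
        return name, "missing SameSite"
    if samesite.lower() not in VALID_SAMESITE:
        return name, "invalid SameSite value"
    if samesite.lower() == "none" and "secure" not in attrs:
        # The RFC 6265bis draft requires Secure alongside SameSite=None.
        return name, "SameSite=None without Secure"
    return name, "ok"


def audit(headers):
    """Audit every header and keep only the cookies with a finding."""
    results = dict(audit_cookie(h) for h in headers)
    return {n: f for n, f in results.items() if f != "ok"}


if __name__ == "__main__":
    for cookie, finding in audit(SAMPLE_HEADERS).items():
        print(f"{cookie}: {finding}")
```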

Risk assessment grades

...

NEO-SOFT SERVICES

SAS with share capital of €832,000 - 41-45 Bd Romain Rolland – 75014 PARIS

Tel: +33 (0)1 41 10 41 60 - e-mail: contact.site@neo-soft.fr - http://www.neosoft.fr
RCS PARIS 484 348 487
VAT No.: FR23484348487

...