The text below is a summary of the security audit performed by Néosoft. You can also download the full report.
...
The cookies used by the main application do not have a configured "SameSite" security attribute.
The "SameSite" attribute helps mitigate the risks associated with Cross-Site Request Forgery (CSRF) attacks. In this case, the absence of this protection makes the application more vulnerable to potential CSRF attacks.
Likelihood: 1 (Low)
Potential impact: 1 (Low)
Note: This finding cannot be corrected at the moment. The external authentication provider, Keycloak, does not support this cookie attribute, because its OAuth authentication uses the cookie for authentication across all our websites (cf. the explanation given by the Keycloak team). As this issue has a very low criticality, it was decided to rate it as a false positive.
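The check behind this finding can be reproduced outside the audit. The script below is an added example, not part of the Néosoft report or of the audited application: it parses the `Set-Cookie` headers of a response and reports every cookie that lacks a `SameSite` attribute, as described above. It also reports the related case of `SameSite=None` without `Secure`, because browsers only honour `SameSite=None` (the value a cookie shared across several sites would need) on cookies that are also marked `Secure`. The sample headers, cookie names and values are constructed for the example.

```python
# Added example (not from the Néosoft report or the audited application):
# a small checker for Set-Cookie headers that reports the SameSite gap the
# audit describes, plus the rule that SameSite=None is only honoured by
# browsers when the cookie is also marked Secure.

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header value into its name, value and attributes.

    Attribute names are lower-cased; flag attributes without a value
    (Secure, HttpOnly) are stored as True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(header: str) -> list:
    """Return the SameSite-related findings for one Set-Cookie header."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    samesite = attrs.get("samesite")
    if samesite is None:
        # The finding from the report: with no SameSite attribute the browser
        # falls back to its own engine-specific default, so the cookie's
        # CSRF posture is not under the application's control.
        findings.append("missing SameSite attribute")
    elif not isinstance(samesite, str) or samesite.lower() not in VALID_SAMESITE:
        findings.append(f"unrecognised SameSite value {samesite!r}")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # SameSite=None is the setting a cookie shared across sites would
        # need; browsers reject it unless Secure is present as well.
        findings.append("SameSite=None without Secure")
    return findings


def audit_response(set_cookie_headers) -> dict:
    """Audit every Set-Cookie header of one response; returns {name: findings}."""
    report = {}
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        report[cookie["name"]] = audit_cookie(header)
    return report


# Constructed sample response (cookie names and values are made up).
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "sso_session=xyz; Path=/auth; SameSite=None",
    "sso_session_ok=xyz; Path=/auth; Secure; SameSite=None",
    "csrf_token=t0k3n; Path=/; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE_HEADERS).items():
        status = ", ".join(findings) if findings else "ok"
        print(f"{name}: {status}")
```

Run against a real response, the same `audit_response` call takes the list of `Set-Cookie` values returned by the HTTP client; the first sample cookie reproduces the audit finding, the second shows the `SameSite=None` variant that browsers would discard, and the last two pass.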
Risk assessment grades
...
SAS with a share capital of €832,000 - 41-45 Bd Romain Rolland – 75014 PARIS Tel.: +33 (0)1 41 10 41 60 - e-mail: contact.site@neo-soft.fr – http://www.neosoft.fr
...