Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
ASP.NET forms authentication using inadequate protection - Vulnerability Database

ASP.NET forms authentication using inadequate protection

Description

This web application is configured to use forms authentication but has the forms property protection set to a value that is not All (the default value is All). The All value is the recommended value for this property as this protection mode will both encrypt and validate the forms authentication cookie.

Remediation

It's recommended to set the <strong>forms</strong> property <strong>protection</strong> to <strong>All</strong>. <pre> &lt;authentication mode=&quot;Forms&quot;&gt; &lt;forms ... protection=&quot;All&quot; /&gt; &lt;/authentication&gt; </pre>

References

FormsAuthenticationConfiguration.Protection

Related Vulnerabilities

Trace.axd Detected High
Common tags: Configuration
Apache Airflow Experimental API Auth Bypass CVE-2020-13927 High
Common tags: Configuration
Joomla J!Dump extension enabled Medium
Common tags: Configuration
Joomla Debug Console enabled Medium
Common tags: Configuration
Jetty Information Disclosure (CVE-2021-34429) Medium
Common tags: Configuration

Severity

Medium

Classification

CWE-16
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration