Summary #

Invicti detected an Open Silverlight Client Access Policy file (ClientAccessPolicy.xml).

Impact #
The ClientAccessPolicy.xml file allows other Silverlight client services to make HTTP requests to your web server and see its response. This might be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.
Remediation #
Configure your ClientAccessPolicy.xml file to prevent access from everywhere outside your domain.
Classifications #
CWE-16; ISO27001-A.14.2.5; WASC-15; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo