Open Silverlight Client Access Policy

Summary

Acunetix 360 detected an Open Silverlight Client Access Policy file (ClientAccessPolicy.xml).

Impact

The ClientAccessPolicy.xml file allows other Silverlight client services to make HTTP requests to your web server and see its response. This might be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.

Remediation

Configure your ClientAccessPolicy.xml file to prevent access from everywhere outside your domain.

Severity

Medium

Classification

CWE-16 ISO27001-A.14.2.5 WASC-15 OWASP 2013-A5 OWASP 2017-A6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C