We just had a PCI Compliance scan done through SecurityMetrics
and have one issue:
Get in touch with your account rep and ask them to disable that specific
test. It is mitigated by the fact that ColdFusion session IDs (which are
sequential if you're using standard CF sessions) are only valid
The fact of the matter is how can the scanning company know
what cookie values you are using to track sessions unless they
can see your code. They can't unless they can successfully
demonstrate a session hijacking with your server. That
means they are guessing. That whole bit kind of
We just had a PCI Compliance scan done through SecurityMetrics and have one
issue:
Synopsis: The remote web server generates predictable session IDs
Description: The remote web server generates a session ID for each
connection. A
, 2010 8:58 PM
Subject: PCI Compliance Help