
Open Silverlight Client Access Policy Detected

Netsparker detected an open Silverlight client access policy file (ClientAccessPolicy.xml): the policy grants cross-domain access to Silverlight applications from any origin, for example through a <domain uri="*"/> entry under <allow-from>.

Impact

ClientAccessPolicy.xml is served from the root of a web site and tells the Silverlight runtime which other domains are allowed to make cross-domain HTTP requests to this server. An open policy allows a Silverlight application hosted on any domain, including one controlled by an attacker, to send requests to your web server and read the full response. Because those requests are made from the victim's browser and carry the victim's cookies, the attacker can read pages intended only for the authenticated user, extract one-time tokens and anti-CSRF nonces from them, and use those values to bypass CSRF protection.

Remedy

Edit ClientAccessPolicy.xml so that the <domain uri="..."/> entries under <allow-from> list only the specific origins that need cross-domain access to this server, and use <grant-to> to expose only the paths those clients actually call. Do not use uri="*", "http://*" or "https://*". If no Silverlight application on another domain needs to call this server, remove the file entirely.
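The following script is an added example, not Netsparker's own check or code. It parses a ClientAccessPolicy.xml and reports, per <policy> block, which origins are allowed, which paths they are granted, and whether any origin entry is a wildcard that opens the server to every domain. Both sample policies embedded in it are constructed for illustration; the restricted one assumes a hypothetical trusted origin https://app.example.com and a hypothetical /api/ path.

```python
"""Audit a Silverlight ClientAccessPolicy.xml for an open (any-origin) policy.

Added example; not Netsparker code. The two sample policies below are
constructed to show the open form beside a restricted form.
"""
import xml.etree.ElementTree as ET
from urllib.request import urlopen
from urllib.parse import urljoin

# Constructed example of the open policy this check flags: any origin,
# any request header, every path on the server.
OPEN_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Constructed example of a restricted policy: one named origin (hypothetical
# https://app.example.com) and only the path it needs (hypothetical /api/).
RESTRICTED_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="SOAPAction">
        <domain uri="https://app.example.com"/>
      </allow-from>
      <grant-to>
        <resource path="/api/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# domain uri values that match every origin, or every origin of a scheme.
WILDCARD_ORIGINS = {"*", "http://*", "https://*"}


def audit(policy_xml):
    """Return one report dict per <policy> block in the file."""
    root = ET.fromstring(policy_xml.encode("utf-8"))
    report = []
    for policy in root.iter("policy"):
        origins = [(d.get("uri") or "").strip() for d in policy.iter("domain")]
        paths = [r.get("path", "") for r in policy.iter("resource")]
        headers = [a.get("http-request-headers", "") for a in policy.iter("allow-from")]
        report.append({
            "origins": origins,
            "paths": paths,
            "open": any(o in WILDCARD_ORIGINS for o in origins),
            "any_header": "*" in headers,
        })
    return report


def is_open(policy_xml):
    """True if any policy block grants cross-domain access to every origin."""
    return any(p["open"] for p in audit(policy_xml))


def fetch_policy(base_url):
    """Download /clientaccesspolicy.xml from the site root (network access)."""
    with urlopen(urljoin(base_url, "/clientaccesspolicy.xml")) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for name, xml in (("open", OPEN_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, is_open(xml), audit(xml))
```

To test a live site, call fetch_policy("https://target.example/") and pass the result to audit(); an "open": True entry with "paths": ["/"] is exactly the condition described in the Impact section above.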
