Security scan failure on Cute Live Support - Predictable Cookie Session IDs

Last post 05-31-2012, 11:28 AM by Kenneth. 1 replies.
  •  05-31-2012, 5:17 AM 73800

    Security scan failure on Cute Live Support - Predictable Cookie Session IDs

    Hi,
    Our website has failed an external security scan recently due to Predictable Cookie Session IDs from one of the Cute Live Support pages. I was wondering if you have a suggestion to remedy this problem. The page it picked up was "CuteSoft_Client/CuteChat/Support-Visitor-monitor-crossdomain.js.aspx" and the error was for Low Entropy. "The cookie was found to have only 26.3539045366726bits of entropy."
     
    I suspect this is caused by this line of code: "customerid='<%=ChatWebUtility.CreateGuidByDate()%>';". Is there an alternative you can suggest to make this more secure?
     
    Thanks,
    John
     
  •  05-31-2012, 11:28 AM 73801 in reply to 73800

    Re: Security scan failure on Cute Live Support - Predictable Cookie Session IDs

    Hi johncorker,

     Are you using it cross domain? If not, this file is not necessary and you can delete it. That should avoid this problem. This file is only used for the cross domain monitor.

    "/CuteSoft_Client/CuteChat/Support-Visitor-monitor-crossdomain.js.aspx"

     

    Thanks for asking,

     

    Ken
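
The low-entropy finding discussed in this thread can be reproduced offline with the sketch below, which is an added example and not part of the original posts or CuteSoft's code. It estimates entropy from sampled ID values and compares a timestamp-derived ID with a CSPRNG token; `date_based_id` is a hypothetical stand-in (the real `CreateGuidByDate` implementation is not shown on the page), the sample values are constructed, and the scanner's own method is not stated in the thread.

```python
import math
import secrets
from collections import Counter
from datetime import datetime, timedelta

def positional_entropy_bits(samples):
    """Estimate ID entropy as the sum of per-position Shannon entropies.

    Positions are treated as independent, so this is an upper bound:
    the true figure is at most roughly the value returned here.
    """
    length = len(samples[0])
    if any(len(s) != length for s in samples):
        raise ValueError("all sampled IDs must have the same length")
    n = len(samples)
    total = 0.0
    for pos in range(length):
        counts = Counter(s[pos] for s in samples)
        total -= sum(c / n * math.log2(c / n) for c in counts.values())
    return total

def date_based_id(when, counter):
    # Hypothetical stand-in for a timestamp-derived ID (assumption; this is
    # NOT the implementation of ChatWebUtility.CreateGuidByDate).
    return when.strftime("%Y%m%d%H%M%S%f") + format(counter & 0xFFFF, "04x")

def csprng_id():
    # 128 bits from the OS CSPRNG, hex-encoded to 32 characters.
    return secrets.token_hex(16)

def compare(n=2000):
    """Return (weak_bits, strong_bits) for n constructed samples of each kind."""
    start = datetime(2012, 5, 31, 5, 17, 0)  # constructed sample clock
    weak = [date_based_id(start + timedelta(milliseconds=37 * i), i)
            for i in range(n)]
    strong = [csprng_id() for _ in range(n)]
    return positional_entropy_bits(weak), positional_entropy_bits(strong)

def is_low_entropy(bits, minimum=64.0):
    # 64 bits is the floor OWASP's session management guidance recommends.
    return bits < minimum

if __name__ == "__main__":
    weak_bits, strong_bits = compare()
    print(f"date-based: {weak_bits:.1f} bits, low={is_low_entropy(weak_bits)}")
    print(f"CSPRNG:     {strong_bits:.1f} bits, low={is_low_entropy(strong_bits)}")
```

In the ASP.NET code base the corresponding source of randomness would be System.Security.Cryptography.RandomNumberGenerator rather than anything derived from the clock.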
