Security scan failure on Cute Live Support - Predictable Cookie Session IDs

  •  05-31-2012, 5:17 AM


    Hi,
    Our website has failed an external security scan recently due to Predictable Cookie Session IDs from one of the Cute Live Support pages. I was wondering if you have a suggestion to remedy this problem. The page it picked up was "CuteSoft_Client/CuteChat/Support-Visitor-monitor-crossdomain.js.aspx" and the error was for Low Entropy. "The cookie was found to have only 26.3539045366726bits of entropy."
     
    I suspect this is caused by this line of code: "customerid='<%=ChatWebUtility.CreateGuidByDate()%>';". Is there an alternative you can suggest to make this more secure?
     
    Thanks,
    John
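
An added example, not part of the original post and not CuteSoft code: a rough per-character entropy estimate over a batch of issued IDs, showing why a time-derived value scores low and a CSPRNG value does not. The page does not show what `ChatWebUtility.CreateGuidByDate()` does, so `date_derived_ids` is a constructed stand-in, and all function names and sample values here are assumptions.

```python
import math
import secrets
from collections import Counter
from datetime import datetime, timedelta


def position_entropy_bits(samples):
    """Sum of per-character Shannon entropy over equal-length samples.

    Positions are treated as independent, so this is an upper-bound style
    estimate of how many bits actually vary between issued values.
    """
    if len({len(s) for s in samples}) != 1:
        raise ValueError("samples must be non-empty and of equal length")
    total = 0.0
    n = len(samples)
    for column in zip(*samples):           # one column per character position
        for count in Counter(column).values():
            p = count / n
            total -= p * math.log2(p)
    return total


def date_derived_ids(count, step_ms=37):
    """Constructed stand-in for a time-based ID (assumption, not CuteSoft's code)."""
    start = datetime(2012, 5, 31, 5, 17, 0)
    return [(start + timedelta(milliseconds=i * step_ms)).strftime("%Y%m%d%H%M%S%f")
            for i in range(count)]


def random_ids(count, nbytes=16):
    """IDs drawn from the OS CSPRNG: 16 bytes = 128 bits, hex encoded."""
    return [secrets.token_hex(nbytes) for _ in range(count)]


if __name__ == "__main__":
    for name, ids in (("date-derived", date_derived_ids(2000)),
                      ("csprng", random_ids(2000))):
        bits = position_entropy_bits(ids)
        print(f"{name:13s} sample={ids[0]} ~{bits:.1f} bits")
```

In an ASP.NET page the corresponding random source is `System.Security.Cryptography.RandomNumberGenerator`, used to fill a 16-byte buffer that is then hex or Base64 encoded.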
     