Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Have a problem when si...
Customer experience | Sales, Customer Insights,...
Unanswered

Have a problem when signout MSCRM 365 on-premise that config ADFS the cookies are reused in "cookie replay attack".

(0) ShareShare
ReportReport
Posted on by Billon 75

My security team come to test MSCRM application (IFD ADFS) in case "cookie replay attack".

When user signout from CRM and they snap request and cookies then use it to replay request for teset case "cookie replay attack".

They able to get data from crm !!!.In this case application is fail in security test.

How should i do to fix it to check user is authenticated before allowed to call other service.

hacking.gif

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,280 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,214 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans