Microsoft Dynamics NAV (Archived)

NAV 2018 Web Client Vulnerabilities


Hi Team,

One of our customers has executed a vulnerability analysis against the NAV 2018 web client.

The tool reported the following vulnerabilities, so it's on us now to provide clarifications.

1. Slow HTTP POST vulnerability on the main URL (https://domainname.com/nav_web)

2. Cookie Does Not Contain The "secure" Attribute (domainname.com/.../SignIn)

We appreciate your feedback on the above matters.

Best Regards,

Angelos 


  • Angelos Kontos
    RE: NAV 2018 Web Client Vulnerabilities

    Thanks Stefano for the prompt response.

    For 1, this is what I was thinking as well.

    For 2 however I had no idea. We always use HTTPS in any case.

  • Suggested answer
    Stefano Demiliani (Most Valuable Professional)
    RE: NAV 2018 Web Client Vulnerabilities

    Just my opinion:

    1) Not true. To prevent the Slow HTTP Post vulnerability, NAV server has an option to set a request timeout as per your needs.

    2) Cookie Does Not Contain The "secure" Attribute: NAV 2018 is stateless, doesn't use cookies and uses Windows Authentication. However, this could be a "problem" if you use HTTP over internet. But you can use HTTPS if you want more security over the internet (recommended).
