Hi Team,
One of our customers has executed a vulnerability analysis against the NAV 2018 web client.
The tool reported the following vulnerabilities, so it's on us now to provide clarifications.
1. Slow HTTP POST vulnerability on the main URL (https://domainname.com/nav_web
2. Cookie Does Not Contain The "secure" Attribute (domainname.com/.../SignIn)
We appreciate your feedback on the above matters.
Best Regards,
Angelos
*This post is locked for comments