Microsoft Dynamics NAV (Archived)

NAV 2018 Web Client Vulnerabilities


Hi Team,

One of our customers has executed a vulnerability analysis against the NAV 2018 web client.

The tool reported the following vulnerabilities, so it's on us now to provide clarifications.

1. Slow HTTP POST vulnerability on the main URL (https://domainname.com/nav_web)

2. Cookie Does Not Contain The "secure" Attribute (domainname.com/.../SignIn)

We appreciate your feedback on the above matters.

Best Regards,

Angelos 

  • Suggested answer
    Stefano Demiliani
    37,166 Most Valuable Professional

    Just my opinion:

    1) Not true. To prevent the Slow HTTP POST vulnerability, NAV server has an option to set a request timeout as per your needs.

    2) Cookie Does Not Contain The "secure" Attribute: NAV 2018 is stateless, doesn't use cookies and uses Windows Authentication. However, this could be a "problem" if you use HTTP over internet. But you can use HTTPS if you want more security over the internet (recommended).

  • Angelos Kontos

    Thanks Stefano for the prompt response.

    For 1 this is what I was thinking as well.

    For 2 however I had no idea. We always use HTTPS in any case.
