Config Files Cookie Samesite None
Description
Detects when ASP.NET cookies are configured with SameSite=None in web.config files, which leaves the cookies exposed to CSRF attacks. With this setting the browser attaches the cookies to cross-site requests, so a malicious site can cause the browser to perform actions on behalf of an authenticated user.
Detection Strategy
• Review web.config files for cookie configuration sections
• Look for <httpCookies> XML elements in the configuration
• Check if the sameSite attribute is explicitly set to 'none' (case-insensitive)
• Report a vulnerability when SameSite=None is found since it weakens cookie security
Vulnerable code example
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Vulnerable: sameSite="None" allows cookies to be sent in cross-site requests, enabling CSRF attacks -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
  </system.web>
</configuration>

✅ Secure code example
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- Secure: sameSite="Strict" provides the strongest protection against CSRF attacks -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="Strict" />
  </system.web>
</configuration>
</configuration>
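The detection strategy above, implemented as an added example (not Fluid Attacks' own scanner): it parses a web.config, walks every httpCookies element and reports the ones whose sameSite value is 'none' regardless of case. The two embedded configurations are constructed samples, and the function and file names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config contents (not taken from any real project).
VULNERABLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
  </system.web>
</configuration>"""

SECURE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="Strict" />
  </system.web>
</configuration>"""


def find_samesite_none(config_xml: str) -> list:
    """Return one finding per <httpCookies> element whose sameSite is 'none'.

    The comparison is case-insensitive on the attribute value, and also on the
    attribute name, so 'samesite="none"' is reported just like 'sameSite="None"'.
    A missing sameSite attribute is not reported: ASP.NET then applies its own
    default rather than None.
    """
    root = ET.fromstring(config_xml.encode("utf-8"))  # bytes keep the declaration valid
    findings = []
    for elem in root.iter("httpCookies"):
        for name, value in elem.attrib.items():
            if name.lower() == "samesite" and value.strip().lower() == "none":
                findings.append({
                    "element": elem.tag,
                    "attribute": name,
                    "value": value,
                    "message": "sameSite=None sends cookies on cross-site requests (CSRF)",
                })
    return findings


def scan_file(path: str) -> list:
    """Read a web.config from disk and run the same check on it (hypothetical helper)."""
    with open(path, encoding="utf-8") as handle:
        return find_samesite_none(handle.read())


if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_CONFIG), ("secure", SECURE_CONFIG)):
        print(label, find_samesite_none(cfg))
```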