Lack of data validation - Session Cookie
Description
The Session Cookie is generated from any value sent from the front end, allowing to modify it and set an insecure session cookie.
Impact
- Set any value as a session cookie. - Consume reporting services without authorization.
Recommendation
Prevent modification of the session cookie value.
Threat
External attacker with Internet access and a valid token.
Expected Remediation Time
⏱️ 60 minutes.