+ Reply to Thread
Results 1 to 2 of 2

Thread: Trustwave won't give a Passing PCI

  1. April 5th, 2012 03:36 PM #1
    BlueBanana
    BlueBanana is offline
    Client
    Join Date
    Jun 2007
    Posts
    6
    Squirrelcart version
    not specified!

    Trustwave won't give a Passing PCI

    The error is as follows

    The remote web application is using predictable cookie-based session IDs. Ideally, session IDs are randomly generated numbers that cannot be guessed by attackers. If the session ID is predictable, an attacker could hijack an active victim's session, allowing the attacker to interact with the server as though they were the victim. If the session ID is used to track the state of authentication, the session ID of an authenticated user could be guessed, bypassing any need for a username or password.

    CAn this be corrected somewhere ? or DIsputed to PCI Trustwave ?
    Reply With Quote Reply With Quote
  2. April 5th, 2012 11:27 PM #2
    Jamie
    Jamie is offline
    Squirrelcart Staff Jamie's Avatar
    Join Date
    May 2002
    Posts
    7,272
    Squirrelcart version
    v3.5.0
    If you open a helpdesk ticket and provide access to your site and your trustwave scan report we can look into it.
    Thanks,
    Jamie

    PHP shopping cart software - Squirrelcart

    Please rate or review us!
    Hotscripts PHP Resource Index



    Reply With Quote Reply With Quote
+ Reply to Thread
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules