+ Reply to Thread
Results 1 to 2 of 2

Thread: Trustwave won't give a Passing PCI

  1. #1
    Client
    Join Date
    Jun 2007
    Posts
    6
    Squirrelcart version
    not specified!

    Trustwave won't give a Passing PCI

    The error is as follows

    The remote web application is using predictable cookie-based session IDs. Ideally, session IDs are randomly generated numbers that cannot be guessed by attackers. If the session ID is predictable, an attacker could hijack an active victim's session, allowing the attacker to interact with the server as though they were the victim. If the session ID is used to track the state of authentication, the session ID of an authenticated user could be guessed, bypassing any need for a username or password.

    CAn this be corrected somewhere ? or DIsputed to PCI Trustwave ?

  2. #2
    Squirrelcart Staff Jamie's Avatar
    Join Date
    May 2002
    Posts
    8,015
    Squirrelcart version
    v3.5.0
    If you open a helpdesk ticket and provide access to your site and your trustwave scan report we can look into it.

+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts