Description

This web application is configured with the localServiceSettings property detectReplays set to false. When configured this way, the WCF service is not protected against replay attacks (replaying messages between the client and service or vice versa).

Remediation

It's recommended to enable message replay detection by setting the localServiceSettings property detectReplays to true. 

<localServiceSettings detectReplays="true" />

References

How to: Enable Message Replay Detection

Related Vulnerabilities

Vulnerable project dependencies

Unprotected Apache NiFi API interface

ASP.NET login credentials stored in plain text

Subresource Integrity (SRI) Not Implemented

GraphQL Field Suggestions Enabled

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration