luhmava07 asked

Cross domain policy - CWE-942 error

Hello everyone! We are working with a customer, but we are informed that there is a high security risk with this URL: **https://TITLE.playfabapi.com/crossdomain.xml**

Issue detail attached 6066-issue-detail.txt

The report emphasizes this:

6081-securityrisk.png

I want to know if this is really a security risk for the customer and if there is a way to fix this error. I am not very expert on the subject, but looking in the documentation I found that some adjustments can be made in the API policy; however, these would only be affected on the client side. Is it possible to make an adjustment in this regard to avoid this risk (if applicable)?

apis

1 Answer

Neils Shi answered

This crossdomain.xml is used for Flash cross-domain policy. As Flash is not supported anymore, I’d think there is no security risk. But I’ll report this to our engineering team. Thank you for pointing this out.


luhmava07 commented

Could you inform me about the conclusion that the engineering team gave?

