We are looking for guidance on remediating a security vulnerability that Invicti (Netsparker) identified on:
https://website/wiki/Special:Watchlist.
The scan has highlighted the word "token" in the HTTP response (e.g. mw.user.tokens.set, wltoken, ...).
We are not sure which cookie the remediation notes are referring to when they say that using the SameSite cookie attribute will mitigate the issue.
Invicti Enterprise reported a Possible BREACH Attack issue because the target web page meets the following conditions that facilitate it:
- Served from a server that uses HTTP-level compression (i.e. gzip)
- Reflects user input in the HTTP response bodies
- Contains sensitive information (such as a CSRF token) in the HTTP response bodies
To mitigate the issue, we recommend the following solutions:
- If possible, disable HTTP-level compression
- Separate sensitive information from user input
- Protect vulnerable pages with a CSRF token. The SameSite cookie attribute will mitigate this issue, because to exploit this issue an attacker forces the victim to visit a target website using invisible frames. With the SameSite cookie attribute added, cookies that belong to the target won't be sent with a request that does not include top-level navigation.
- Hide the length of the traffic by adding a random number of bytes to the responses.
- Add a rate limit, so that the page maximum is reached five times per minute.
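As an added example (not part of the original post or of Invicti's notes), a small offline audit of a captured response: it checks the three preconditions listed above and reports every Set-Cookie header that lacks SameSite=Lax or SameSite=Strict, since the cookies the third remediation refers to are the session/login cookies that authenticate the request. The response, cookie names and reflected input below are constructed; the body is shown already decoded, as a scanner presents it.

```python
import re

# Constructed sample (not real scanner output): headers claim gzip, body is decoded.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Content-Encoding: gzip\r\n"
    "Set-Cookie: my_wiki_session=s3ss10n; path=/; secure; HttpOnly\r\n"
    "Set-Cookie: my_wikiUserID=42; path=/; secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: my_wikiTracking=x; path=/; SameSite=None; secure\r\n"
    "\r\n"
    "<p>Results for <b>hello</b></p>"
    '<script>mw.user.tokens.set({"csrfToken":"abc123"});</script>'
    '<a href="/wiki/Special:Watchlist?wltoken=deadbeef">feed</a>'
)

# Anything that looks like a token name in the body (wltoken, csrfToken, ...).
TOKEN_RE = re.compile(r"\b\w*tokens?\b", re.IGNORECASE)


def split_response(raw):
    """Return ([(lowercased header name, value), ...], body) from a raw response."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def cookies_missing_samesite(headers):
    """Cookie names whose Set-Cookie has no SameSite, or SameSite=None (no protection)."""
    missing = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {}
        for attr in parts[1:]:
            key, _, val = attr.partition("=")
            attrs[key.lower()] = val.lower()
        if attrs.get("samesite", "") not in ("lax", "strict"):
            missing.append(cookie_name)
    return missing


def audit_response(raw, reflected_input):
    """Report the BREACH preconditions and the cookies a cross-site request would carry."""
    headers, body = split_response(raw)
    compressed = any(n == "content-encoding" and v.lower() not in ("", "identity")
                     for n, v in headers)
    secrets = sorted({m.lower() for m in TOKEN_RE.findall(body)})
    return {
        "compressed": compressed,
        "reflects_input": reflected_input in body,
        "secrets": secrets,
        "cookies_missing_samesite": cookies_missing_samesite(headers),
        "breach_preconditions_met": compressed and reflected_input in body and bool(secrets),
    }
```

Run `audit_response(SAMPLE_RESPONSE, "hello")` against the sample: all three preconditions are met, and only my_wikiUserID is protected by SameSite.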