The app does not validate the origin when establishing a WebSocket server. WebSocket connections are not bound by the same-origin policy. A server that accepts connections without validating the origin may leak information to an attacker.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-346: Origin Validation Error
OWASP:
- A05:2021 - Security Misconfiguration
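
The origin check described above, as an added example that is not part of the original rule page: a framework-independent allowlist test a server can apply to the `Origin` header before accepting a WebSocket upgrade. The origins in `ALLOWED_ORIGINS` and the function name `isAllowedOrigin` are assumptions chosen for illustration, and the code assumes the endpoint serves browser clients only, so a missing `Origin` header is rejected.

```javascript
// Added example: exact-match Origin allowlist for a WebSocket handshake.
// ALLOWED_ORIGINS holds constructed sample values, not values from the page.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com:8443",
]);

// Returns true only when originHeader is exactly one of the allowed origins.
// Call it with the Origin request header before completing the upgrade and
// refuse the handshake (for example with HTTP 403) when it returns false.
function isAllowedOrigin(originHeader, allowed = ALLOWED_ORIGINS) {
  // A missing header or a non-string value is rejected, never trusted.
  if (typeof originHeader !== "string" || originHeader.length === 0) {
    return false;
  }
  // Opaque origins (sandboxed iframes, file:// pages) send the string "null".
  if (originHeader === "null") {
    return false;
  }
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return false; // not a parseable absolute URL
  }
  // A real Origin value is scheme://host[:port] with nothing else attached.
  if (parsed.username || parsed.password) {
    return false;
  }
  if (parsed.pathname !== "/" || parsed.search || parsed.hash) {
    return false;
  }
  // Compare the normalized origin (lowercased host, default port dropped)
  // by exact match. Substring, prefix or suffix matching would accept
  // look-alike hosts such as app.example.com.attacker.test.
  return allowed.has(parsed.origin);
}
```

Exact matching on the parsed origin is the point of the example: scheme, host and port must all agree with an allowlist entry.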