Access restriction bypass via origin spoof

Kurt Moskjær Andersen

Posted on 03/04/2019 13:00:32

Hi,

One of our clients are using Blackstone One to check their website for security breaches. They have received a couple of warnings about "Access restriction bypass via origin spoof", where Blackstone One gives the following description:

"BlackstoneOne discovered a resource that it did not have permission to access, but been granted access after spoofing the address of localhost (127.0.0.1), thus bypassing any requirement to authenticate."

Anyone else seen this problem and figured out a way of fixing it?

--
Best regards
Kurt Moskjaer Andersen

Replies

Nicolai Pedersen

Posted on 03/04/2019 14:46:32

Hi Kurt

I think it require a little more insight into the report to give an answer. Usually this kind of error is related to an issue where you have a ip restriction on content - which can be bypassed. So if you have more information from the report, please post here - or feel free to send it to us.

BR Nicolai

Kurt Moskjær Andersen

Posted on 03/04/2019 15:01:06

Hi Nicolai,

I will try to get a more thorough report from them and get back to you.

/Kurt

You must be logged in to post in the forum

Developer forum

Access restriction bypass via origin spoof

Replies