You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Which version of Duende IdentityServer are you using?
7.0 Which version of .NET are you using?
8.0
My client requested a third-party security company to conduct a vulnerability scan, which identified the EndSessionCallback request's endSessionId parameter as sensitive information leakage due to the inclusion of the keyword session. My client has limited knowledge about security and asked us to make modifications. Could you provide a method to rename this parameter or change it to static readonly? I am considering using reflection to modify it.
The text was updated successfully, but these errors were encountered:
Just because of the name, mainly because the client does not understand security-related knowledge and only listens to reports from third-party security companies.
Which version of Duende IdentityServer are you using?
7.0
Which version of .NET are you using?
8.0
My client requested a third-party security company to conduct a vulnerability scan, which identified the EndSessionCallback request's endSessionId parameter as sensitive information leakage due to the inclusion of the keyword session. My client has limited knowledge about security and asked us to make modifications. Could you provide a method to rename this parameter or change it to static readonly? I am considering using reflection to modify it.
The text was updated successfully, but these errors were encountered: