Qualys Security Verification

Hi guys,

We started testing Auth0 in our application to provide more security and reliability to our customers. However, one of these customers applied the Qualys TotalAppSec security verification test and identified a medium vulnerability and two info security weaknesses. The customer wants this vulnerability and the two info security weaknesses to be resolved, so I kindly ask for the community’s help so that we can resolve these issues.

Vulnerability:

  • 150476 Cookies Issued Without User Consent: we tried to resolve it by applying this possible solution (link). Would that be the only one, or would there be something else to be done?

Info Security Weaknesses:

  • Third-party Cookies Collected: The refresh token was configured, but the custom domain was not yet configured. Would this problem be resolved with the refresh token and custom domain or would there be something else to be done?

  • Cookie without SameSite attribute: in this topic, I honestly don’t know how to solve it. I saw this link and didn’t see how to solve it. Can anyone point out a solution or even an article that invalidates this point? One solution that could solve this would be to assign the cookie as strict, but I believe I do not have access to such settings.

Thanks

Guys, about vulnerability 150476 Cookies Issued Without User Consent, here is more detail: The cookies listed in the Results section were issued from the web application during the crawl without accepting any opt-in dialogs.
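An added example, not from the original post and not Auth0's or Qualys's code: a small audit that flags the cookie attributes the scanner reports on (missing SameSite, Secure, HttpOnly), run over constructed Set-Cookie headers, plus a naive same-site comparison of the issuing host against the application host, which is the thing a custom domain changes for the "third-party cookies" finding. All header values and hostnames are constructed.

```python
from typing import Dict, List

# Constructed sample Set-Cookie headers (not captured from any real tenant).
SAMPLE_SET_COOKIE_HEADERS = [
    "auth0=abc123; Path=/; Secure; HttpOnly; SameSite=None",
    "did=xyz; Path=/; Secure; HttpOnly",
    "_csrf=tok; Path=/; HttpOnly",
    "pref=dark; Path=/",
]


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie header into the cookie name plus an attribute map.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to "".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {"__name__": name.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return attrs


def audit_cookie(header: str) -> List[str]:
    """Return the weaknesses a scanner would report for one cookie."""
    a = parse_set_cookie(header)
    findings: List[str] = []
    samesite = a.get("samesite")
    if samesite is None:
        findings.append("missing SameSite")
    elif samesite.lower() == "none" and "secure" not in a:
        # Browsers reject SameSite=None unless the cookie is also Secure.
        findings.append("SameSite=None without Secure")
    if "secure" not in a:
        findings.append("missing Secure")
    if "httponly" not in a:
        findings.append("missing HttpOnly")
    return findings


def audit_all(headers: List[str]) -> Dict[str, List[str]]:
    """Map cookie name -> findings for a list of Set-Cookie headers."""
    return {parse_set_cookie(h)["__name__"]: audit_cookie(h) for h in headers}


def same_site(host_a: str, host_b: str) -> bool:
    """Naive same-site test: compare the last two DNS labels.

    Assumption: no public-suffix list, so suffixes like co.uk are not handled.
    """
    return host_a.lower().split(".")[-2:] == host_b.lower().split(".")[-2:]
```

A cookie set by a login host on a different site than the application counts as third-party to the browser; `same_site("app.example.com", "auth.example.com")` is True while the default-tenant host is not.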