Are WCF services vulnerable to XXE attacks? If yes, are there ways to prevent it? Recently we had a security audit of our application in my company and they have highlighted that they were able to send extra content into an API (in the form of external entities) and they received a 200 response. They didn't demonstrate how it can be exploited because of time constraints, but it was raised as a concern. I am tasked to review and take actions on it and I am unable to find any resources discussing XXE in WCF - which makes me wonder if WCF is designed to prevent XXE attacks.
Any help/leads are appreciated.
Short response: Yes, it is. After that, you could secure it. See https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
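As an added example (not part of the original answer and not WCF's own code), this is the kind of .NET parser hardening the linked cheat sheet covers: an `XmlReader` that refuses any DOCTYPE and has no resolver, with a self-check on constructed input. It assumes the service parses request XML itself with `System.Xml`; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Xml;

static class HardenedXml
{
    // Reader settings that refuse any DTD and never fetch external resources.
    public static XmlReaderSettings Settings() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit, // any DOCTYPE raises XmlException
        XmlResolver = null,                     // no external entity or schema lookups
        MaxCharactersFromEntities = 1024        // cap expansion if DTDs are ever re-enabled
    };

    // Returns true if the whole document parses under the hardened settings.
    public static bool TryParse(string xml, out string error)
    {
        try
        {
            using var reader = XmlReader.Create(new StringReader(xml), Settings());
            while (reader.Read()) { } // walk every node so late errors surface
            error = null;
            return true;
        }
        catch (XmlException ex)
        {
            error = ex.Message; // log this and reject the request
            return false;
        }
    }

    static void Main()
    {
        // Constructed sample inputs, not taken from the audit described above.
        const string plain = "<order><id>42</id></order>";
        const string withDtd =
            "<!DOCTYPE order [<!ENTITY e \"constructed\">]><order><id>&e;</id></order>";

        Console.WriteLine($"plain accepted:   {TryParse(plain, out _)}");
        bool accepted = TryParse(withDtd, out var why);
        Console.WriteLine($"DOCTYPE accepted: {accepted} ({why})");
    }
}
```

A rejected document should map to a client error rather than the 200 the auditors observed, so the behaviour is visible in a retest.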