SAP Knowledge Base Article - Preview

3280312 - ROUTE cookies explained

Symptom

Third party internal security scanner may indicate that ROUTE cookie might be a vulnerability in SAP Commerce Cloud.

Session tokens that exhibit low entropy ("randomness") are often susceptible to prediction attacks. Insecure tokens can be due to inadequate pseudo-random number generator, time-based values, static values, or values based on user attributes (username or user ID).

Also, there is need an explain of what ROUTE cookie is used for.
This KBA was created to describe the purpose of the ROUTE cookie.


Read more...

Environment

CCV2

Product

SAP Commerce Cloud 1905 ; SAP Commerce Cloud 2005 ; SAP Commerce Cloud 2011 ; SAP Commerce Cloud 2105 ; SAP Commerce Cloud 2205 ; SAP Commerce Cloud 2211

Keywords

ROUTE, cookie, web server, security, ingress , KBA , CEC-COM-CPS-OTH , Other topics , CEC-HCS-CCAZ-WEB , Web Layer - Apache , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.