Hi Team,
During our assessment it was observed that services are configured with wildcard entries in the CORS configuration to provide access to any URL as well as credentials.
NOTE: It is advised to implement the recommendation throughout the application.
Risk/Impact:
Misconfiguration of CORS can lead to a major security risk, such as leaking of API keys, other users' critical data, etc.
Recommendation:
Ensure that the Access-Control-Allow-Origin and Access-Control-Allow-Credentials HTTP headers are configured in a more restrictive manner to allow access to a specific domain.
===Arvind Fashions Ltd===
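One way to apply the recommendation above, shown as an added example that is not part of the original post: the permissive header logic beside an exact-match allowlist, plus a check that flags the permissive response. The origins in `ALLOWED_ORIGINS`, the function names, and the probe origin are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only front ends that need credentialed access (constructed values).
ALLOWED_ORIGINS = frozenset({"https://app.example.com", "https://admin.example.com"})


def normalize_origin(origin):
    """Return lowercase scheme://host[:port], or None if not a plain web origin."""
    if not origin or origin == "null":
        return None
    try:
        parts = urlsplit(origin)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def weak_cors_headers(origin):
    """The reported misconfiguration: any origin is accepted together with credentials."""
    return {
        "Access-Control-Allow-Origin": origin or "*",
        "Access-Control-Allow-Credentials": "true",
    }


def strict_cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Emit CORS headers only when the Origin exactly matches the allowlist."""
    headers = {"Vary": "Origin"}  # stop caches reusing one origin's response for another
    normalized = normalize_origin(origin)
    if normalized in allowed:
        headers["Access-Control-Allow-Origin"] = normalized
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def is_risky(headers, probe_origin):
    """True if credentials are allowed for a wildcard or for the untrusted probe origin."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    return creds and acao in ("*", probe_origin)
```

Exact matching is deliberate: suffix or substring checks would accept look-alike hosts such as `https://app.example.com.untrusted.test`.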