← LibraryTechnique entry
W-CORS-MISCONFIGImpact
CORS Misconfiguration
Access-Control-Allow-Origin reflects arbitrary Origin with Allow-Credentials: true — cross-origin reads of authenticated data.
§ Where this technique fits
W-CORS-MISCONFIG is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.