An XML External Entity Attack (XXE) is one that attacks an application that processes XML files. XML files are commonly used for SEPA files, especially for direct credit files. It is no wonder that, as a payroll software, Indigo must ensure that these kinds of files are processed securely.
To protect you and your SEPA file exports, we secure Indigo’s XML processors by closing off the system to external XML entities and document type definition (DTD). These two processes are run internally within Indigo.
Here is how you can further protect against XXE attacks:
- Create a strong password for SEPA direct credits in Settings.