ClearFoundation Tracker - ClearOS
View Issue Details
0021721ClearOSwebconfig-httpdpublic2018-10-03 09:082021-11-09 07:48
dloper 
 
normalminorhave not tried
closedfixed 
7.5.0 
7.6.07.6.0 
0021721: SSL Cookie should be flagged as SSL only
Rapid7 advises that secure attribute should be set on cookie to prevent non-SSL reading of the cookie:

The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.

Affected Nodes:
Additional Information:
n.n.n.n:81
Cookie is not marked as secure: 'clearos_session=485200d8799fabcdd26c1dd474e4f811; path=/; httponly; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'clearos_lang=en_US; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'ci_csrf_token=485200d8799fabcdd26c1dd474e4f811; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
No tags attached.
Issue History
2018-10-03 09:08dloperNew Issue
2018-10-30 14:08user2Statusnew => acknowledged
2018-10-30 14:27user2Target Version7.5.0 Updates => 7.6.0
2018-11-07 19:47user2Statusacknowledged => resolved
2018-11-07 19:47user2Fixed in Version => 7.6.0
2018-11-07 19:47user2Resolutionopen => fixed
2018-11-07 19:47user2Assigned To => user2
2021-11-09 07:48NickHStatusresolved => closed
2021-11-09 07:48NickHAssigned Touser2 =>

There are no notes attached to this issue.