ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0021721ClearOSwebconfig-httpdpublic2018-10-03 09:082018-11-07 19:47
Reporterdloper 
Assigned Touser2 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version7.5.0 
Target Version7.6.0Fixed in Version7.6.0 
Summary0021721: SSL Cookie should be flagged as SSL only
DescriptionRapid7 advises that secure attribute should be set on cookie to prevent non-SSL reading of the cookie:

The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.

Affected Nodes:
Additional Information:
n.n.n.n:81
Cookie is not marked as secure: 'clearos_session=485200d8799fabcdd26c1dd474e4f811; path=/; httponly; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'clearos_lang=en_US; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'ci_csrf_token=485200d8799fabcdd26c1dd474e4f811; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-10-03 09:08 dloper New Issue
2018-10-30 14:08 user2 Status new => acknowledged
2018-10-30 14:27 user2 Target Version 7.5.0 Updates => 7.6.0
2018-11-07 19:47 user2 Status acknowledged => resolved
2018-11-07 19:47 user2 Fixed in Version => 7.6.0
2018-11-07 19:47 user2 Resolution open => fixed
2018-11-07 19:47 user2 Assigned To => user2