ClearOS Bug Tracker


ID: 0021721
Project: ClearOS
Category: webconfig-httpd
View Status: public
Date Submitted: 2018-10-03 09:08
Last Update: 2018-11-07 19:47
Reporter: dloper
Assigned To: pbaldwin
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 7.5.0
Target Version: 7.6.0
Fixed in Version: 7.6.0
Summary: 0021721: SSL Cookie should be flagged as SSL only

Description:
Rapid7 advises that secure attribute should be set on cookie to prevent non-SSL reading of the cookie:

The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.

Affected Nodes:
Additional Information:
n.n.n.n:81
Cookie is not marked as secure: 'clearos_session=485200d8799fabcdd26c1dd474e4f811; path=/; httponly; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/
n.n.n.n:81
Cookie is not marked as secure: 'clearos_lang=en_US; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/
n.n.n.n:81
Cookie is not marked as secure: 'ci_csrf_token=485200d8799fabcdd26c1dd474e4f811; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/
Tags: No tags attached.
Attached Files:

Relationships

Notes
There are no notes attached to this issue.
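
An added example (not part of the original report and not ClearOS code): a small Python audit that parses Set-Cookie values in the format quoted in the findings and lists the cookies set without the Secure attribute. The sample headers, the cookie values and the 192.0.2.10 address are constructed placeholders.

```python
"""Audit Set-Cookie values for the Secure attribute (added example)."""

# Constructed sample headers modelled on the scanner findings above;
# the cookie values and the address 192.0.2.10 are placeholders.
SAMPLE_SET_COOKIE = [
    "clearos_session=0123456789abcdef; path=/; httponly; domain=192.0.2.10",
    "clearos_lang=en_US; path=/; domain=192.0.2.10",
    "ci_csrf_token=0123456789abcdef; Path=/; Secure; Domain=192.0.2.10",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as Secure and HttpOnly map to True.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def missing_secure(header_values):
    """Return the names of cookies set without the Secure attribute."""
    flagged = []
    for header_value in header_values:
        name, _, attrs = parse_set_cookie(header_value)
        if name and "secure" not in attrs:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for cookie_name in missing_secure(SAMPLE_SET_COOKIE):
        print(f"Cookie is not marked as secure: {cookie_name}")
```

Running the same check against the Set-Cookie headers returned by webconfig after an upgrade confirms whether every cookie now carries the attribute.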

Issue History
Date Modified     Username  Field             Change
2018-10-03 09:08  dloper    New Issue
2018-10-30 14:08  pbaldwin  Status            new => acknowledged
2018-10-30 14:27  pbaldwin  Target Version    7.5.0 Updates => 7.6.0
2018-11-07 19:47  pbaldwin  Status            acknowledged => resolved
2018-11-07 19:47  pbaldwin  Fixed in Version  => 7.6.0
2018-11-07 19:47  pbaldwin  Resolution        open => fixed
2018-11-07 19:47  pbaldwin  Assigned To       => pbaldwin