ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0021721ClearOSwebconfig-httpdpublic2018-10-03 09:082021-11-09 07:48
Reporterdloper 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version7.5.0 
Target Version7.6.0Fixed in Version7.6.0 
Summary0021721: SSL Cookie should be flagged as SSL only
DescriptionRapid7 advises that secure attribute should be set on cookie to prevent non-SSL reading of the cookie:

The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.

Affected Nodes:
Additional Information:
n.n.n.n:81
Cookie is not marked as secure: 'clearos_session=485200d8799fabcdd26c1dd474e4f811; path=/; httponly; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'clearos_lang=en_US; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
n.n.n.n:81
Cookie is not marked as secure: 'ci_csrf_token=485200d8799fabcdd26c1dd474e4f811; path=/; domain=n.n.n.n'
URL: https://n.n.n.n:81/app/base/ [^]
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-10-03 09:08dloperNew Issue
2018-10-30 14:08user2Statusnew => acknowledged
2018-10-30 14:27user2Target Version7.5.0 Updates => 7.6.0
2018-11-07 19:47user2Statusacknowledged => resolved
2018-11-07 19:47user2Fixed in Version => 7.6.0
2018-11-07 19:47user2Resolutionopen => fixed
2018-11-07 19:47user2Assigned To => user2
2021-11-09 07:48NickHStatusresolved => closed
2021-11-09 07:48NickHAssigned Touser2 =>

There are no notes attached to this issue.