Vulnerability found on SecureAuth Server; 'Cookie Does Not Contain The "secure" Attribute'


SecureAuth IdP Version affected: All

Description:

When you run a vulnerability scan against the SecureAuth Server, the scanner reports the following finding:
'Cookie Does Not Contain The "secure" Attribute'

 

Cause:
The requireSSL attribute of the httpCookies element is set to false in the Web Config for each realm, so cookies are issued without the "secure" attribute.


Resolution:

Edit the Web Config on each Realm so that the httpCookies line reads <httpCookies httpOnlyCookies="true" requireSSL="true" />


Steps:

1. Log into the SecureAuth IdP Web Admin and, for each Realm (e.g. SecureAuth998), select the System Info tab
2. In the Links section, select Click to edit Web Config file
3. Search (CTRL + F / CMD + F) for httpCookies to find the line that needs editing
4. If requireSSL is set to false, update the line to <httpCookies httpOnlyCookies="true" requireSSL="true" />
5. Click Save to complete the change
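
With many realms it is easy to miss one, so the following added example (not SecureAuth code) audits the httpCookies setting across a set of Web Config files before the next scan. The realm names and file contents are constructed samples; for real use, load the Web Config text of each realm into the dictionary.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web Config contents, keyed by hypothetical realm names.
SAMPLE_REALMS = {
    "SecureAuth1": """<configuration><system.web>
        <httpCookies httpOnlyCookies="true" requireSSL="true" />
    </system.web></configuration>""",
    "SecureAuth2": """<configuration><system.web>
        <httpCookies httpOnlyCookies="true" requireSSL="false" />
    </system.web></configuration>""",
    "SecureAuth3": """<configuration><system.web>
        <compilation debug="false" />
    </system.web></configuration>""",
    "SecureAuth4": """<configuration><location path="."><system.web>
        <httpCookies httpOnlyCookies="false" requireSSL="true" />
    </system.web></location></configuration>""",
}


def audit_web_config(xml_text):
    """Return a list of problems with the <httpCookies> settings in one Web Config."""
    root = ET.fromstring(xml_text)
    # iter() also finds <system.web> sections nested under <location> elements.
    elements = [hc for sw in root.iter("system.web") for hc in sw.findall("httpCookies")]
    if not elements:
        # With no <httpCookies> element, ASP.NET defaults both attributes to false.
        return ["no <httpCookies> element: requireSSL and httpOnlyCookies default to false"]
    problems = []
    for el in elements:
        for attr in ("httpOnlyCookies", "requireSSL"):
            value = el.get(attr)
            if value is None:
                problems.append(f"{attr} not set (defaults to false)")
            elif value.strip().lower() != "true":
                problems.append(f'{attr}="{value}"')
    return problems


def audit_realms(realms):
    """Map each realm name to its problems, omitting realms that pass."""
    results = {name: audit_web_config(text) for name, text in realms.items()}
    return {name: problems for name, problems in results.items() if problems}


if __name__ == "__main__":
    for realm, problems in audit_realms(SAMPLE_REALMS).items():
        print(f"{realm}: " + "; ".join(problems))
```

A realm with no httpCookies line at all is reported as well, because the fix in step 4 then has to be added rather than edited.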
