Vulnerability found on SecureAuth Server; 'Cookie Does Not Contain The "secure" Attribute'

SecureAuth IdP Version affected: All

Description:

When you run a vulnerability scan, the scanner reports the following finding on the SecureAuth server:
'Cookie Does Not Contain The "secure" Attribute'

Cause:
The requireSSL attribute of the httpCookies element is set to false in the web.config of each realm.


Resolution:

Edit the web.config of each realm so that it contains <httpCookies httpOnlyCookies="true" requireSSL="true" />


Steps:

1. Log into the SecureAuth IdP Web Admin and, for each realm (e.g. SecureAuth998), select the System Info tab
2. In the Links section, select Click to edit Web Config file
3. Use search (CTRL + F / CMD + F) to find the line that needs to be edited.
4. If requireSSL is set to false, update the line to <httpCookies httpOnlyCookies="true" requireSSL="true" />
5. Click Save to complete the change
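
To confirm that no realm was missed, the following added example (not SecureAuth's own code) reads the httpCookies element from every realm's web.config and reports which realms still lack requireSSL="true". It assumes the realm folders sit under one root directory, each with its own web.config; the function name, the RootPath parameter and the sample realm folders are hypothetical.

```powershell
# Added example: audit the <httpCookies> settings of every realm's web.config.
function Get-HttpCookiesSetting {
    param(
        # Hypothetical parameter: the folder that holds the realm folders.
        [Parameter(Mandatory)][string]$RootPath
    )
    Get-ChildItem -Path $RootPath -Directory | ForEach-Object {
        $configPath = Join-Path $_.FullName 'web.config'
        if (-not (Test-Path $configPath)) { return }   # not a realm folder, skip it

        $xml  = [xml](Get-Content -Path $configPath -Raw)
        $node = $xml.SelectSingleNode('//system.web/httpCookies')

        # ASP.NET treats a missing element or attribute as false for both settings,
        # so a realm without the element is reported as non-compliant.
        $requireSsl = $false
        $httpOnly   = $false
        if ($node) {
            $requireSsl = $node.GetAttribute('requireSSL') -eq 'true'
            $httpOnly   = $node.GetAttribute('httpOnlyCookies') -eq 'true'
        }
        [pscustomobject]@{
            Realm           = $_.Name
            RequireSSL      = $requireSsl
            HttpOnlyCookies = $httpOnly
            Compliant       = $requireSsl -and $httpOnly
        }
    }
}

# Constructed sample: three realm folders in a temp directory (not real SecureAuth files).
$root = Join-Path ([IO.Path]::GetTempPath()) 'realm-audit-sample'
$samples = @{
    SecureAuth1 = '<httpCookies httpOnlyCookies="true" requireSSL="false" />'
    SecureAuth2 = '<httpCookies httpOnlyCookies="true" requireSSL="true" />'
    SecureAuth3 = ''   # element missing entirely
}
foreach ($name in $samples.Keys) {
    $dir = New-Item -ItemType Directory -Path (Join-Path $root $name) -Force
    "<configuration><system.web>$($samples[$name])</system.web></configuration>" |
        Set-Content -Path (Join-Path $dir.FullName 'web.config')
}
Get-HttpCookiesSetting -RootPath $root | Sort-Object Realm | Format-Table
Remove-Item -Path $root -Recurse -Force
```

To audit a real server, drop the constructed sample and pass the directory that contains the realm folders as -RootPath.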
