Vulnerability found on SecureAuth Server; 'Cookie Does Not Contain The "secure" Attribute'

    Applies to:
      • Legacy SecureAuth IdP
    Deployment model:
      • On Premises
    SecureAuth IdP Version affected: All

    Description:

    When you run a security scan for vulnerabilities, the scanning software raises the following flag against the SecureAuth Server:
    'Cookie Does Not Contain The "secure" Attribute'

     

    Cause:
    The requireSSL attribute of the httpCookies element is set to false in the Web Config for each realm.


    Resolution:

    Edit the Web Config on each realm so that the httpCookies line reads <httpCookies httpOnlyCookies="true" requireSSL="true" />


    Steps:

    1. Log into the SecureAuth IdP Web Admin and, for each realm (e.g. SecureAuth998), select the System Info tab
    2. In the Links section, select Click to edit Web Config file
    3. Search (CTRL + F / CMD + F) for the httpCookies line that needs editing.
    4. If the line is set to false, update it to <httpCookies httpOnlyCookies="true" requireSSL="true" />
    5. Click Save to complete the change
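
    To confirm the setting on every realm after the change, the following check can be run over the contents of each Web Config. It is an added example, not SecureAuth code; the realm names and config snippets are constructed samples, and reading the real files from disk is left to the caller.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web Config contents, keyed by hypothetical realm names.
SAMPLE_CONFIGS = {
    "SecureAuth1": """<configuration><system.web>
        <httpCookies httpOnlyCookies="true" requireSSL="true" />
    </system.web></configuration>""",
    "SecureAuth2": """<configuration><system.web>
        <httpCookies httpOnlyCookies="true" requireSSL="false" />
    </system.web></configuration>""",
    "SecureAuth3": """<configuration><system.web>
        <compilation debug="false" />
    </system.web></configuration>""",
}

REQUIRED = ("httpOnlyCookies", "requireSSL")


def audit_http_cookies(web_config_xml):
    """Return a list of findings for one Web Config; an empty list means compliant."""
    root = ET.fromstring(web_config_xml)
    # iter() also reaches httpCookies elements nested under <location> blocks.
    elements = list(root.iter("httpCookies"))
    if not elements:
        # With no element present, ASP.NET applies its defaults, which are false.
        return ["httpCookies element missing (both attributes default to false)"]
    findings = []
    for element in elements:
        for attr in REQUIRED:
            value = element.get(attr, "false")  # omitted attribute means the default, false
            if value != "true":
                findings.append(f'{attr}="{value}" (expected "true")')
    return findings


def audit_realms(configs):
    """Map each realm name to its findings."""
    return {realm: audit_http_cookies(xml) for realm, xml in configs.items()}


if __name__ == "__main__":
    for realm, findings in audit_realms(SAMPLE_CONFIGS).items():
        print(realm, "OK" if not findings else "; ".join(findings))
```

    A realm with no httpCookies element is reported as well, because the scanner flag appears whenever requireSSL is not explicitly true.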
