SecureAuth IdP Version affected: All
Description:
When running a security scan for vulnerabilities, the scanning software raises the following flag against the SecureAuth server:
'Cookie Does Not Contain The "secure" Attribute'
Cause:
In the web config of each realm, requireSSL on the httpCookies element is set to false.
Resolution:
Edit the web config of each realm so that the line reads <httpCookies httpOnlyCookies="true" requireSSL="true" />
Steps:
1. Log into the SecureAuth IdP Web Admin and, for each realm (e.g. SecureAuth998), select the System Info tab
2. In the Links section, select Click to edit Web Config file
3. Search (CTRL + F / CMD + F) for httpCookies to find the line that needs to be edited.
4. If the line contains a value of false, update it to <httpCookies httpOnlyCookies="true" requireSSL="true" />
5. Click Save to complete the change
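To confirm the change was made on every realm, the following added example (not SecureAuth's own code) parses each realm's web config and reports any realm whose httpCookies element does not have both attributes set to true. It assumes one folder per realm, each containing a web.config file, under a directory passed on the command line; the function names and the sample configuration are constructed for illustration.

```python
"""Audit realm web.config files for the <httpCookies> cookie flags."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

REQUIRED = ("httpOnlyCookies", "requireSSL")  # both must be "true"


def audit_http_cookies(xml_data):
    """Return a list of findings; an empty list means the realm is compliant."""
    root = ET.fromstring(xml_data)
    nodes = list(root.iter("httpCookies"))
    if not nodes:
        # ASP.NET defaults both attributes to false when the element is absent.
        return ["no <httpCookies> element (ASP.NET defaults apply: both false)"]
    findings = []
    for node in nodes:
        for attr in REQUIRED:
            value = node.get(attr)
            if value is None:
                findings.append(f"{attr} not set (defaults to false)")
            elif value.strip().lower() != "true":
                findings.append(f'{attr}="{value}"')
    return findings


def audit_realms(root_dir):
    """Map each realm folder name under root_dir (assumed layout) to its findings."""
    results = {}
    for cfg in sorted(Path(root_dir).glob("*/web.config")):
        try:
            results[cfg.parent.name] = audit_http_cookies(cfg.read_bytes())
        except ET.ParseError as exc:
            results[cfg.parent.name] = [f"unparseable web.config: {exc}"]
    return results


# Constructed sample: a realm still carrying the setting the scanner flags.
SAMPLE_FLAGGED = """<configuration><system.web>
  <httpCookies httpOnlyCookies="true" requireSSL="false" />
</system.web></configuration>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for realm, issues in audit_realms(sys.argv[1]).items():
            print(realm, "OK" if not issues else "; ".join(issues))
    else:
        print(audit_http_cookies(SAMPLE_FLAGGED))
```

Run it with the realm root directory as the only argument; any realm not reported as OK still needs the edit described in the steps above.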