Details
-
Type: Improvement
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: EE-3.3.0.GA_P02, 4.0
-
Fix Version/s: EE-4.0.0.GA, EE-3.3.0.GA_P03, 4.1
-
Component/s: Push Library
-
Labels:None
-
Environment:All
-
Assignee Priority:P1
-
Support Case References:Support Case #13126 - https://icesoft.my.salesforce.com/5007000000rqkNj
Description
A security scan has flagged the ice.push.browser Cookie for noting having a secure and httpOnly attributes.
Summary
--------------------------------------------------------------------------------------------------------------------------
Report Vulnerable - ice.push.browser Cookie has problem(s)
Severity Low
SmartAttack Cookie Vulnerabilities
--------------------------------------------------------------------------------------------------------------------------
Message
--------------------------------------------------------------------------------------------------------------------------
ice.push.browser Cookie has problem(s)
ice.push.browser = hi2xevbo8;
Host = cdm-test.kyisc.us.ams1907.com;
Path = /
1. Cookie does not have secure attribute.
2. Cookie does not have HTTPOnly attribute.
Summary
--------------------------------------------------------------------------------------------------------------------------
Report Vulnerable - ice.push.browser Cookie has problem(s)
Severity Low
SmartAttack Cookie Vulnerabilities
--------------------------------------------------------------------------------------------------------------------------
Message
--------------------------------------------------------------------------------------------------------------------------
ice.push.browser Cookie has problem(s)
ice.push.browser = hi2xevbo8;
Host = cdm-test.kyisc.us.ams1907.com;
Path = /
1. Cookie does not have secure attribute.
2. Cookie does not have HTTPOnly attribute.
Made 'ice.push.browser' cookie secure and have HttpOnly access.