ICEpush
  1. ICEpush
  2. PUSH-344

Add httpOnly and secure attributes to the ice.push.browser Cookie

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: EE-3.3.0.GA_P02, 4.0
    • Fix Version/s: EE-4.0.0.GA, EE-3.3.0.GA_P03, 4.1
    • Component/s: Push Library
    • Labels:
      None
    • Environment:
      All

      Description

      A security scan has flagged the ice.push.browser Cookie for noting having a secure and httpOnly attributes.

      Summary
      --------------------------------------------------------------------------------------------------------------------------
      Report Vulnerable - ice.push.browser Cookie has problem(s)
      Severity Low
      SmartAttack Cookie Vulnerabilities
      --------------------------------------------------------------------------------------------------------------------------
      Message
      --------------------------------------------------------------------------------------------------------------------------
      ice.push.browser Cookie has problem(s)

      ice.push.browser = hi2xevbo8;
      Host = cdm-test.kyisc.us.ams1907.com;
      Path = /
      1. Cookie does not have secure attribute.
      2. Cookie does not have HTTPOnly attribute.

        Activity

        Arran Mccullough created issue -
        Ken Fyten made changes -
        Field Original Value New Value
        Assignee Mircea Toma [ mircea.toma ]
        Fix Version/s EE-4.0.0.GA [ 11170 ]
        Fix Version/s EE-3.3.0.GA_P03 [ 11571 ]
        Assignee Priority P1 [ 10010 ]
        Mircea Toma made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Arran Mccullough made changes -
        Resolution Fixed [ 1 ]
        Status Resolved [ 5 ] Reopened [ 4 ]
        Mircea Toma made changes -
        Status Reopened [ 4 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Ken Fyten made changes -
        Fix Version/s 4.1 [ 11570 ]
        Ken Fyten made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Mircea Toma
            Reporter:
            Arran Mccullough
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: