ICEpush
  1. ICEpush
  2. PUSH-344

Add httpOnly and secure attributes to the ice.push.browser Cookie

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: EE-3.3.0.GA_P02, 4.0
    • Fix Version/s: EE-4.0.0.GA, EE-3.3.0.GA_P03, 4.1
    • Component/s: Push Library
    • Labels:
      None
    • Environment:
      All

      Description

      A security scan has flagged the ice.push.browser Cookie for noting having a secure and httpOnly attributes.

      Summary
      --------------------------------------------------------------------------------------------------------------------------
      Report Vulnerable - ice.push.browser Cookie has problem(s)
      Severity Low
      SmartAttack Cookie Vulnerabilities
      --------------------------------------------------------------------------------------------------------------------------
      Message
      --------------------------------------------------------------------------------------------------------------------------
      ice.push.browser Cookie has problem(s)

      ice.push.browser = hi2xevbo8;
      Host = cdm-test.kyisc.us.ams1907.com;
      Path = /
      1. Cookie does not have secure attribute.
      2. Cookie does not have HTTPOnly attribute.

        Activity

          People

          • Assignee:
            Mircea Toma
            Reporter:
            Arran Mccullough
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: