[PUSH-344] Add httpOnly and secure attributes to the ice.push.browser Cookie - ICEsoft JIRA Issue Tracker

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: EE-3.3.0.GA_P02, 4.0
Fix Version/s: EE-4.0.0.GA, EE-3.3.0.GA_P03, 4.1
Component/s: Push Library
Labels:
None
Environment:
All

Assignee Priority:
P1
Support Case References:
Support Case #13126 - https://icesoft.my.salesforce.com/5007000000rqkNj

Description

A security scan has flagged the ice.push.browser Cookie for noting having a secure and httpOnly attributes.

Summary
--------------------------------------------------------------------------------------------------------------------------
Report Vulnerable - ice.push.browser Cookie has problem(s)
Severity Low
SmartAttack Cookie Vulnerabilities
--------------------------------------------------------------------------------------------------------------------------
Message
--------------------------------------------------------------------------------------------------------------------------
ice.push.browser Cookie has problem(s)

ice.push.browser = hi2xevbo8;
Host = cdm-test.kyisc.us.ams1907.com;
Path = /
1. Cookie does not have secure attribute.
2. Cookie does not have HTTPOnly attribute.

Activity

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#43809	Thu Dec 11 12:03:00 MST 2014	mircea.toma	~~PUSH-344~~ Made 'ice.push.browser' cookie secure and have HttpOnly access.
				Files Changed
				MODIFY /icepush/trunk/icepush/core/src/main/java/org/icepush/PushContext.java

People

Assignee:

Mircea Toma

Reporter:

Arran Mccullough

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

03/Dec/14 11:23 AM

Updated:

13/Mar/17 1:33 PM

Resolved:

17/Dec/14 2:29 PM