Missing Secure Attribute in Encrypted Session (SSL) Cookie


    • Type: Suggestion
    • Resolution: Timed out
    • Component/s: Board configuration

      Our security department has scanned our Jira (v7.4.2#74004-sha1:586975d) using an IBM tool called AppScan. It reported a possible vulnerability. I have to prepare a response to indicate if this is a known problem and when or if it will be fixed. I require your assistance, please. Text from the report follows:

      1. Missing Secure Attribute in Encrypted Session (SSL) Cookie - It may be possible to steal user and session information (cookies) that was sent during an encrypted session.

       Recommendation: Add the 'Secure' attribute to all sensitive cookies.

       

            Assignee: Unassigned
            Reporter: steve moffat
            Votes: 0
            Watchers: 4

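
One way to check the scanner's finding independently, as an added example that is not part of the original issue or of Jira's code: parse the Set-Cookie response headers captured from the HTTPS site and list the cookies that lack the Secure attribute. The header values and cookie names below are constructed samples, and the function names are hypothetical.

```python
from typing import Dict, List


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and attributes.

    Splitting on ';' (never ',') keeps Expires dates intact, and only the
    parts after the first one are treated as attributes, so a cookie value
    that happens to contain the word 'secure' is not mistaken for the flag.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def missing_secure(set_cookie_headers: List[str]) -> List[str]:
    """Return the names of cookies set without the Secure attribute."""
    flagged = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if "secure" not in cookie["attrs"]:
            flagged.append(cookie["name"])
    return flagged


# Constructed sample Set-Cookie values (not taken from the scan report).
SAMPLE_HEADERS = [
    "JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly",
    "example_token=EXAMPLE_VALUE; Path=/; Secure",
    "example_prefs=theme=secure; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "example_remember=EXAMPLE_VALUE; Path=/; secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie_name in missing_secure(SAMPLE_HEADERS):
        print(f"missing Secure: {cookie_name}")
```
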