
    Cookie isc_cState - Vulnerability

    Hi,

    We are using Power Edition 4.1p.

    Qualys Scanner detected the below two vulnerabilities for cookie "isc_cState"

    150122 Cookie Does Not Contain The "secure" Attribute
    150123 Cookie Does Not Contain The "HTTPOnly" Attribute (1)

    Both are related to cookie "isc_cState".

    I found in the forum (https://forums.smartclient.com/forum...ibute-security)
    "These cookies do not contain secure information. There is no issue here; security scanners point out spurious vulnerabilities more often than not."

    Is there any way to fix this issue or is this fixed in any latest version?

    Thanks
    Regards
    Vijay

    #2
    There is no fix because there is no issue.



      #3
      Hi,

      Thanks for your reply.
      The scanner is reporting this as an issue for cookie "isc_cState". We will need to close this issue.
      Can you please guide us to make it Secure and HTTPOnly?

      Regards
      Vijay.



        #4
        Again, there is no need for this cookie to be modified, there is no security vulnerability here.

        Your scanner is simply producing a bogus result. The majority of security problems identified with scanners are bogus and could never be exploited.

        If you try to close every issue raised by a security scanner you will spend all your time doing that, and you will have accomplished nothing.

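The attribute check behind the two findings quoted in the thread, as an added example that is not part of the original posts or of SmartClient: it parses `Set-Cookie` values, reports each missing `Secure` or `HttpOnly` attribute under the QID from post #1, and marks a finding as accepted when the cookie has a documented exception. The sample headers, the `EXCEPTIONS` table and the function names are assumptions made for illustration.

```python
# Added example: reproduces the attribute check behind the two scanner findings.
QIDS = {"secure": "150122", "httponly": "150123"}  # QIDs as quoted in the thread

# Hypothetical exception list: cookie name -> documented justification.
EXCEPTIONS = {"isc_cState": "vendor states the cookie holds no secure information"}

# Constructed sample Set-Cookie values; not captured from a real server.
SAMPLE_HEADERS = [
    "isc_cState=placeholder; Path=/",
    "JSESSIONID=0123456789ABCDEF; Path=/app; Secure; HttpOnly",
    "theme=dark; path=/; secure",
    "token=abc=def; HTTPONLY; SameSite=Lax",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attrs)."""
    first, *rest = header.split(";")
    name, _, value = first.partition("=")  # the value may itself contain '='
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(headers, exceptions=EXCEPTIONS):
    """Return one finding per missing attribute, marked open or accepted."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        for flag, qid in QIDS.items():
            if flag in attrs:
                continue
            findings.append({
                "cookie": name,
                "qid": qid,
                "missing": flag,
                "status": "accepted" if name in exceptions else "open",
                "note": exceptions.get(name, ""),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS):
        print(finding)
```
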