Project

General

Profile

Actions
Copy link

Bug #7574

closed

Non-compliant Strict Transport Security (STS)

Added by Pavel Kácha over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Rajmund Hruška
Category:
Development - GUI
Target version:
2.10
Start date:
03/23/2022
Due date:
% Done:

100%

Estimated time:
To be discussed:

Description

Nessus info

Synopsis

The remote web server implements Strict Transport Security incorrectly.

Description

The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.

Links and related

https://www.tenable.com/plugins/nessus/42823
http://www.nessus.org/u?2fb3aca6

Related issues

Related to Mentat - Bug #7573: Cookies in default configuration are not marked SecureClosedRajmund Hruška03/22/2022

Actions
Actions
Copy link
 #1

Updated by Pavel Kácha over 2 years ago

FLAB Pentest 2022-03 no. 39

Actions
Copy link
 #2

Updated by Rajmund Hruška over 2 years ago

  • Status changed from New to Feedback
  • Assignee set to Rajmund Hruška
  • % Done changed from 0 to 100
  • To be discussed changed from No to Yes

I read the linked article and it seems to me that the only issue is the Session cookie not marked Secure, which is solved in #7573.

Actions
Copy link
 #3

Updated by Rajmund Hruška over 2 years ago

  • Related to Bug #7573: Cookies in default configuration are not marked Secure added
Actions
Copy link
 #4

Updated by Rajmund Hruška over 2 years ago

  • Status changed from Feedback to Closed
  • To be discussed deleted (Yes)

So, as we discussed on the meeting we think it is really related to the cookies issue (#7573) so it should be resolved now.

Actions
Copy link

Also available in: Atom PDF