Bug #7574

closed

Non-compliant Strict Transport Security (STS)

Added by Pavel Kácha 10 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Category: Development - GUI
Target version:
Start date: 03/23/2022
Due date:
% Done: 100%
Estimated time:
To be discussed:

Description

Nessus info

Synopsis

The remote web server implements Strict Transport Security incorrectly.

Description

The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.

Links and related

https://www.tenable.com/plugins/nessus/42823
http://www.nessus.org/u?2fb3aca6
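To make the finding reproducible, here is an added example (not part of the ticket, the Nessus plugin, or Mentat): a small Python checker that inspects an HTTPS response's headers for the Strict-Transport-Security requirements of RFC 6797 and for Set-Cookie lines lacking the Secure attribute, which is the cause the ticket settled on. The sample headers and the max-age threshold are constructed assumptions.

```python
# Constructed sample of response headers, as (name, value) pairs; not captured from Mentat.
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=cs; Path=/; Secure"),
]

# Assumed policy threshold (180 days); RFC 6797 only requires that max-age be present.
MIN_MAX_AGE = 15552000


def parse_hsts(value):
    """Split an STS header value into lower-cased directive name -> value."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def check_hsts(headers, over_https=True):
    """Return a list of human-readable findings; an empty list means compliant."""
    findings = []
    sts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not over_https:
        # RFC 6797 8.1: clients must ignore STS received over plain HTTP.
        if sts:
            findings.append("STS header sent over plain HTTP; clients ignore it there")
        return findings
    if not sts:
        findings.append("no Strict-Transport-Security header on HTTPS response")
    else:
        if len(sts) > 1:
            findings.append("multiple STS headers; clients process only the first")
        d = parse_hsts(sts[0])
        if not d.get("max-age", "").isdigit():
            findings.append("STS header lacks a valid max-age directive")
        elif int(d["max-age"]) < MIN_MAX_AGE:
            findings.append(f"STS max-age {d['max-age']} below assumed minimum {MIN_MAX_AGE}")
        if "includesubdomains" not in d:
            findings.append("STS header lacks includeSubDomains (optional, recommended)")
    # Cookies on an HSTS site must not be exposed to a plaintext request.
    for v in (v for k, v in headers if k.lower() == "set-cookie"):
        name = v.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} set without the Secure attribute")
    return findings


if __name__ == "__main__":
    print("\n".join(check_hsts(SAMPLE_HEADERS)) or "compliant")
```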


Related issues

Related to Mentat - Bug #7573: Cookies in default configuration are not marked Secure (Closed, Rajmund Hruška, 03/22/2022)

Actions #1

Updated by Pavel Kácha 10 months ago

FLAB Pentest 2022-03 no. 39

Actions #2

Updated by Rajmund Hruška 6 months ago

  • Status changed from New to Feedback
  • Assignee set to Rajmund Hruška
  • % Done changed from 0 to 100
  • To be discussed changed from No to Yes

I read the linked article and it seems to me that the only issue is the Session cookie not marked Secure, which is solved in #7573.

Actions #3

Updated by Rajmund Hruška 6 months ago

  • Related to Bug #7573: Cookies in default configuration are not marked Secure added

Actions #4

Updated by Rajmund Hruška 6 months ago

  • Status changed from Feedback to Closed
  • To be discussed deleted (Yes)

So, as we discussed at the meeting, we think it is really related to the cookies issue (#7573), so it should be resolved now.
