Project

General

Profile

Actions

Bug #7574

closed

Non-compliant Strict Transport Security (STS)

Added by Pavel Kácha almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Development - GUI
Target version:
Start date:
03/23/2022
Due date:
% Done:

100%

Estimated time:
To be discussed:

Description

Nessus info

Synopsis

The remote web server implements Strict Transport Security incorrectly.

Description

The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard.

Links and related

https://www.tenable.com/plugins/nessus/42823
http://www.nessus.org/u?2fb3aca6


Related issues

Related to Mentat - Bug #7573: Cookies in default configuration are not marked SecureClosedRajmund Hruska03/22/2022

Actions
Actions #1

Updated by Pavel Kácha almost 2 years ago

FLAB Pentest 2022-03 no. 39

Actions #2

Updated by Rajmund Hruska over 1 year ago

  • Status changed from New to Feedback
  • Assignee set to Rajmund Hruska
  • % Done changed from 0 to 100
  • To be discussed changed from No to Yes

I read the linked article and it seems to me that the only issue is the Session cookie not marked Secure, which is solved in #7573.

Actions #3

Updated by Rajmund Hruska over 1 year ago

  • Related to Bug #7573: Cookies in default configuration are not marked Secure added
Actions #4

Updated by Rajmund Hruska over 1 year ago

  • Status changed from Feedback to Closed
  • To be discussed deleted (Yes)

So, as we discussed on the meeting we think it is really related to the cookies issue (#7573) so it should be resolved now.

Actions

Also available in: Atom PDF