Homeproj: Redmine for CESNET https://homeproj.cesnet.cz/ 2022-03-23T13:39:48Z
Mentat - Bug #7574: Non-compliant Strict Transport Security (STS) https://homeproj.cesnet.cz/issues/7574?journal_id=36122 2022-03-23T13:39:48Z Pavel Kácha ph@cesnet.cz
<p>FLAB Pentest 2022-03 no. 39</p>
Mentat - Bug #7574: Non-compliant Strict Transport Security (STS) https://homeproj.cesnet.cz/issues/7574?journal_id=36369 2022-08-08T13:16:25Z Rajmund Hruška
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Rajmund Hruška</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li><li><strong>To be discussed</strong> changed from <i>No</i> to <i>Yes</i></li></ul><p>I read the linked article and it seems to me that the only issue is the Session cookie not marked Secure, which is solved in <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Cookies in default configuration are not marked Secure (Closed)" href="https://homeproj.cesnet.cz/issues/7573">#7573</a>.</p>
Mentat - Bug #7574: Non-compliant Strict Transport Security (STS) https://homeproj.cesnet.cz/issues/7574?journal_id=36371 2022-08-09T09:02:04Z Rajmund Hruška
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/7573">Bug #7573</a>: Cookies in default configuration are not marked Secure</i> added</li></ul>
Mentat - Bug #7574: Non-compliant Strict Transport Security (STS) https://homeproj.cesnet.cz/issues/7574?journal_id=36372 2022-08-09T09:03:01Z Rajmund Hruška
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li><li><strong>To be discussed</strong> deleted (<del><i>Yes</i></del>)</li></ul><p>So, as we discussed at the meeting, we think it is really related to the cookies issue (<a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Bug: Cookies in default configuration are not marked Secure (Closed)" href="https://homeproj.cesnet.cz/issues/7573">#7573</a>), so it should be resolved now.</p>