
The Community Forums


insecure cookie (port 2083) PCI failure

Discussion in 'General Discussion' started by EWD, Nov 7, 2008.

  1. EWD

    EWD Well-Known Member
    PartnerNOC

    Here are the latest failures:

    2083 - Missing Secure Attribute in an Encrypted Session (SSL) Cookie - The application sets a cookie over a secure channel without using the "secure" attribute. RFC states that if the cookie does not have the secure attribute assigned to it, then the cookie can be passed to the server by the client over non-secure channels (http). Using this attack, an attacker may be able to intercept this cookie, over the non-secure channel, and use it for a session hijacking attack. - It is best business practice that any cookies that are sent (set-cookie) over an SSL connection to explicitly state secure on them.

    2083 - Potentially Sensitive Information Missing Secure Attribute in an Encrypted Session (SSL) Cookie - The application sets a cookie over a secure channel without using the "secure" attribute. RFC states that if the cookie does not have the secure attribute assigned to it, then the cookie can be passed to the server by the client over non-secure channels (http). Using this attack, an attacker may be able to intercept this cookie, over the non-secure channel, and use it for a session hijacking attack. The information that was sent was flagged as being potentially sensitive. Potentially sensitive information could be session tokens, user id's, or passwords. - It is best business practice that any cookies that are sent (set-cookie) over an SSL connection to explicitly state secure on them. Speak with your web developer to have them enable the secure attribute on cookies sent over secure connections.
     
  2. EWD

    Any ideas on this issue?

    Thanks :)
     
  3. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Full cPanel version number please.
     
  4. EWD

    Sorry cpanelkenneth

    Original report was running on cPanel 11.24.0-C30789
    Upgraded today to cPanel 11.24.0-C30898 and the issue is still present.

    Thanks ;)
     
  5. cPanelKenneth

    Thank you. I'll pass this along to the developers.
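
An added example, not part of the thread and not cPanel's code: a small Python check that reproduces the two scanner findings quoted in the first post, flagging any cookie set over HTTPS without the Secure attribute and marking names that look like session tokens. The header values and the list of sensitive name hints are constructed assumptions.

```python
"""Flag cookies set over HTTPS that lack the Secure attribute."""

# Constructed sample: response headers as a scanner might see them on an
# HTTPS service (cookie names and values are made up for illustration).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
    ("Set-Cookie", "token=xyz789; Path=/; secure; HttpOnly"),
]

# Assumption: name fragments that suggest the cookie carries a credential.
SENSITIVE_HINTS = ("sess", "token", "auth", "user", "pass")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lowercased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; "Secure" carries no value.
    # Only text after the first ';' counts, so a cookie *value* of
    # "secure" is not mistaken for the attribute.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(headers, over_tls=True):
    """Return findings for cookies sent over TLS without the Secure attribute."""
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if over_tls and "secure" not in attrs:
            sensitive = any(h in name.lower() for h in SENSITIVE_HINTS)
            findings.append({"cookie": name, "sensitive": sensitive})
    return findings


if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_HEADERS):
        label = "potentially sensitive, " if f["sensitive"] else ""
        print(f"{f['cookie']}: {label}missing Secure attribute")
```
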
     