maste tecker
Posted in Technical Support 8 years ago
Cookie Not Marked as Secure
Identified Cookie PHPSESSID
Vulnerability Details
Netsparker identified a cookie not marked as secure, and transmitted over HTTPS.
This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic, or following a successful man-in-the-middle attack.
Impact
This cookie will be transmitted over a HTTP connection, therefore if this cookie is important (such as a session cookie), an attacker might intercept it and hijack a victim's session. If the attacker can carry out a man-in-the-middle attack, he/she can force the victim to make an HTTP request to steal the cookie.
how to solve i t??
Arsalan Shah
Replied 8 years ago
This is something which need to be fixed on your servers, it is not Ossn issue.
Eric F.
Replied 8 years ago
Try to add Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" to your apache conf (it's for v2.4).
Buy and install an ssl is not enought, you need to configure your server for it.
You can find many guide on the net:
https://www.perpetual-beta.org/weblog/security-headers.html#rule-5-remove-x-powered-by
http://geekflare.com/apache-web-server-hardening-security/
Due to the many requests in the past for additonal features and components we have decided to develope a premium version. Features like Hashtags, Videos, Polls, Events, Stories, Link Preview, etc included in it.
$199 (Life Time)
