Web scan - A TLS cookie without the secure flag enabled
I am the IT Administrator for a small business that holds Federal contracts. Recently, we completed a web scan on the Mantis service to meet security compliance requirements by the government. The web scan returned an alarm/alert of "A TLS cookie without the secure flag enabled". Is there some way to contact MantisBT to see what I can do about resolving this finding? Thanks.
Re: Web scan - A TLS cookie without the secure flag enabled
Hello, thank you for the reply. We recently updated to 2.28.0.
Re: Web scan - A TLS cookie without the secure flag enabled
As this is about security, your very first step should be to upgrade to 2.28.1 because of a critical security issue, see viewtopic.php?t=40432
After that, if the issue should still occur (I suspect it will), come back and provide some more details:
- Step-by-step instructions to reproduce the issue
- Name of the affected cookie
- Exact version of PHP, Database, Web server, Browser (or tool that was used for the scan) and Operating System
- Relevant customizations (upload config_inc.php, before that anonymize any private information)
- Installed plugins and custom functions
- Was the MantisBT source code modified in any way?