I am currently doing a PCI DSS security scan; my firmware version is v5.4.8, build1183 (GA).
This vulnerability was detected in the results:
VULNERABILITY DETAILS
CVSS Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score: 4.3 (E:U/RL:U/RC:C)
Severity: 2122
QID: 13162
Category: CGI
CVE ID: -
Vendor Reference: -
Bugtraq ID: -
Last Update: 06/12/2018
THREAT:
The secure cookie flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The
purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. By
setting the secure flag, the browser will prevent the transmission of a cookie over an unencrypted channel.
A cookie with the secure attribute was not detected in the scan.
QID Detection Logic:
This unauthenticated QID checks for the existence of the "secure" cookie flag.
IMPACT:
Session cookies sent via HTTP expose users to sniffing attacks that could lead to user impersonation or account compromise.
SOLUTION:
Apply the "secure" attribute to session cookies to ensure that they are sent via HTTPS only. More information about this flag can be found here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie.
RESULT:
HTTP Cookie missing Secure attribute on port 443.
I found this KB, but there are only 5.0 and 5.2 firmwares listed.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36922
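As an added example (not part of the original post, the scanner, or Fortinet's code), this is the check the report's detection logic describes: parse each Set-Cookie header from an HTTPS response and list the cookies that lack the Secure attribute. The cookie names and header values below are constructed sample data; `fetch_set_cookie_headers` is a helper that only runs if you call it against a host of your own.

```python
"""Audit Set-Cookie headers for the Secure attribute (the condition behind a
"cookie missing Secure attribute on port 443" finding)."""
import http.client
import ssl


def parse_set_cookie(header_value: str) -> dict:
    """Split one Set-Cookie header value into the cookie name and its attributes.

    Attribute names are lower-cased because they are case-insensitive
    ("Secure", "secure" and "SECURE" all count). Flag attributes such as
    Secure and HttpOnly are stored with an empty string as their value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return {"name": name, "attrs": attrs}


def cookies_missing_secure(set_cookie_headers) -> list:
    """Return the names of cookies (in header order) that have no Secure attribute."""
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if "secure" not in cookie["attrs"]:
            findings.append(cookie["name"])
    return findings


def add_secure(header_value: str) -> str:
    """Append '; Secure' to a Set-Cookie value that lacks it.

    This is what a reverse proxy in front of an appliance that cannot set the
    flag itself would do to the header before it reaches the browser.
    """
    if "secure" in parse_set_cookie(header_value)["attrs"]:
        return header_value
    return header_value.rstrip("; ") + "; Secure"


def fetch_set_cookie_headers(host: str, path: str = "/", port: int = 443) -> list:
    """Fetch one page over TLS and return all Set-Cookie header values.

    Not executed at import time; call it against a host you administer.
    Certificate verification is left at the default (enabled).
    """
    conn = http.client.HTTPSConnection(host, port, context=ssl.create_default_context())
    try:
        conn.request("GET", path)
        response = conn.getresponse()
        return [value for key, value in response.getheaders() if key.lower() == "set-cookie"]
    finally:
        conn.close()


# Constructed sample headers: one session cookie without Secure, one correct
# cookie, one preferences cookie without Secure.
SAMPLE_HEADERS = [
    "session_id=9f3a1c; Path=/; HttpOnly",
    "csrf_token=Zm9v; Path=/; Secure; HttpOnly",
    "prefs=theme%3Ddark; Path=/",
]

if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie '{name}' is missing the Secure attribute")
    print(add_secure(SAMPLE_HEADERS[0]))
```

Run `cookies_missing_secure(fetch_set_cookie_headers("your-host"))` to reproduce the scanner's result on a device you manage; an empty list means every cookie the landing page sets carries the Secure attribute.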