[WT-12637] [Security] ZAP Scan Issue : Cookie No HttpOnly Flag - Workterra Jira

XML

Word

Printable

Details

Type: Bug
Status: In Development
Priority: Low
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Environment:

Production
Bug Severity:
Low
Level:

Admin, Employee, Partner
Module:
BenAdmin - Security
Reported by:
Harbinger
Company:
All Clients/Multiple Clients
Item State:
Development - In Analysis

Description

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

For more details please refer attached HTML report

CC Samir Rakesh Roy Jaideep Vinchurkar anirudha joshi
SearchEmp_Spider.html

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

EnrollNowWithPartnerLogin.html
05/Dec/17 06:36 AM
48 kB
Prasad Pise
SearchEmp_Spider.html
05/Dec/17 06:09 AM
48 kB
Prasad Pise
StaticReport_Spider.html
05/Dec/17 06:35 AM
53 kB
Prasad Pise

Issue Links

relates to

NF-2714 Vulnerability Assessment and Penetration Testing for Workterra on Azure US environment.

To Do

Activity

People

Assignee:: Vijayendra Shinde (Inactive)

Reporter:: Prasad Pise (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Dec/17 06:09 AM

Updated:: 15/Dec/20 02:40 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

7.5h