  1. WORKTERRA
  2. WT-12637

[Security] ZAP Scan Issue : Cookie No HttpOnly Flag

    Details

    • Type: Bug
    • Status: In Development
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Production
    • Bug Severity:
      Low
    • Level:
      Admin, Employee, Partner
    • Module:
      BenAdmin - Security
    • Reported by:
      Harbinger
    • Company:
      All Clients/Multiple Clients
    • Item State:
      Development - In Analysis

      Description

      A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

      For more details, please refer to the attached HTML report.

      CC: Samir, Rakesh Roy, Jaideep Vinchurkar, anirudha joshi
      SearchEmp_Spider.html

        Attachments

          Issue Links

            Activity

            prasadp Prasad Pise (Inactive) created issue -
            prasadp Prasad Pise (Inactive) made changes -
            Field Original Value New Value
            Link This issue relates to NF-2714 [ NF-2714 ]
            prasadp Prasad Pise (Inactive) made changes -
            Attachment StaticReport_Spider.html [ 69272 ]
            prasadp Prasad Pise (Inactive) made changes -
            Attachment EnrollNowWithPartnerLogin.html [ 69273 ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Status Open [ 1 ] In Development [ 10007 ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: On Hold(10207)
            santosh.balid Santosh Balid (Inactive) made changes -
            Assignee Santosh Balid [ santosh.balid ] Gaurav Sodani [ gaurav.sodani ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Remaining Estimate 0h [ 0 ]
            Time Spent 3.5h [ 12600 ]
            Worklog Id 106728 [ 106728 ]
            santosh.balid Santosh Balid (Inactive) made changes -
            Item State Parent values: Development(10200)Level 1 values: On Hold(10207) Parent values: Development(10200)Level 1 values: In Analysis(10204)
            santosh.balid Santosh Balid (Inactive) made changes -
            Time Spent 3.5h [ 12600 ] 7.5h [ 27000 ]
            Worklog Id 107676 [ 107676 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Assignee Gaurav Sodani [ gaurav.sodani ] Vijayendra Shinde [ ID10506 ]
            vijayendra Vijayendra Shinde (Inactive) made changes -
            Link This issue relates to DEV-13718 [ DEV-13718 ]

              People

              Assignee:
              vijayendra Vijayendra Shinde (Inactive)
              Reporter:
              prasadp Prasad Pise (Inactive)
              Votes:
              0
              Watchers:
              2

                Dates

                Created:
                Updated:

                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0h
                  Logged: 7.5h