(01-19-2021, 11:34 AM)Jose Nilton Pace Wrote: Hi, add this:
Quote:!3DES
Thank you!
(01-19-2021, 11:34 AM)Jose Nilton Pace Wrote: Hi, add this:
Quote:!3DES
Thank you very much. Couple more vulnerabilities. Kindly assist.
1. Missing Secure Flag From SSL Cookie - The Secure attribute tells the browser to only send the cookie if the request is being sent over a secure channel such as HTTPS. This will help protect the cookie from being passed over unencrypted requests. If the application can be accessed over both HTTP and HTTPS, then there is the potential that the cookie can be sent in clear text.
2. Missing HttpOnly Flag From Cookie - HTTP Only is an additional flag included in a Set-Cookie HTTP response header. If supported by the browser, using the HTTP Only flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie. If a browser that supports HTTP Only detects a cookie containing the HTTP Only flag, and client-side script code attempts to read the cookie, the browser returns an empty string as the result. This causes the attack to fail by preventing the malicious (usually XSS) code from sending the data to an attacker's website.
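
A check for both findings, added here as an example and not part of the original posts: it parses `Set-Cookie` header values and reports which cookies lack `Secure` or `HttpOnly`. The function names and the sample headers are constructed for illustration.

```python
# Audit Set-Cookie header values for the two findings above:
# a missing Secure attribute and a missing HttpOnly attribute.


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie_name, attributes).

    Attribute names are case-insensitive, so they are lowercased.
    The first 'name=value' pair is the cookie itself and is never treated
    as an attribute, so a value containing 'secure' is not miscounted.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(header_values):
    """Return {cookie_name: [missing flags]} for cookies lacking a flag."""
    required = (("Secure", "secure"), ("HttpOnly", "httponly"))
    findings = {}
    for value in header_values:
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag, key in required if key not in attrs]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample Set-Cookie values (not taken from any real server).
SAMPLE = [
    "SESSIONID=abc123; Path=/",
    "AUTH_TOKEN=secure-httponly; Path=/; Secure",
    "PREFS=dark; Path=/; secure; HTTPONLY; SameSite=Lax",
]

if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Feed it the `Set-Cookie` values captured from the application's HTTPS responses; any cookie it lists is one the scanner would flag.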