Bug #78835
closed
Cookie be_lastLoginProvider doesn't respect httpOnly and Secure flags
Added by Bas v.d. Wiel over 7 years ago. Updated over 5 years ago.
100%
Description
My vulnerability scanner keeps firing on be_lastLoginProvider cookie not being secure and httpOnly.
Updated by Markus Klein over 7 years ago
- Project changed from TYPO3 Core to 1716
Updated by Gerrit Code Review over 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Markus Klein over 7 years ago
- Project changed from 1716 to TYPO3 Core
- Status changed from Under Review to Needs Feedback
- Is Regression set to No
This cookie is not security relevant at all. It simply stores your last login form provider.
What additional measures would you expect from it?
Updated by Markus Klein over 7 years ago
- Status changed from Needs Feedback to Under Review
Updated by Gerrit Code Review over 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Bas v.d. Wiel over 7 years ago
Whether the cookie is security relevant or not by its content shouldn't matter if you ask me. The default behavior should be prudent in that any cookie being set should be set with the secure flag if it's being served over https, and httpOnly if that doesn't impede its function.
Updated by Anja Leichsenring over 7 years ago
- Sprint Focus set to On Location Sprint
Updated by Gerrit Code Review over 7 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review over 7 years ago
Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review about 7 years ago
Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Gerrit Code Review about 7 years ago
Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50808
Updated by Benni Mack about 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 3b4d288cc863cb614d8e19ed0ed85dd9f0814d94.