Posted to OpenStack ML 19-9-13
** Changed in: ossn
Status: New => Fix Released
https://bugs.launchpad.net/bugs/1191051
Title:
Horizon does not set Secure Attribute in cookies
Status in OpenStack Dashboard (Horizon):
Invalid
Status in OpenStack Security Notes:
Fix Released
Bug description:
Version: 2012.2
The cookies used by Horizon do not have the Secure Attribute set, which
allows them to be sent over unencrypted requests. This could result in stolen
sessions, as it is trivial to force the browser to make unencrypted requests.
For more information see
https://www.owasp.org/index.php/Testing_for_cookies_attributes_%28OWASP-SM-002%29