Bug 53511 - [4.4] Set cookie security flag if connection via https
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Apache
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-8-errata
Assigned To: Florian Best
QA Contact: Dirk Wiesenthal
URL: https://git.knut.univention.de/univen...
Keywords:
Depends on: 51242
Blocks:
Reported: 2021-06-24 15:01 CEST by Florian Best
Modified: 2021-08-25 17:46 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020042921000255
Bug group (optional): Security
Max CVSS v3 score:


Description Florian Best univentionstaff 2021-06-24 15:01:36 CEST
Backport to UCS 4.4:

+++ This bug was initially created as a clone of Bug #51242 +++

A customer has reported that we do not use the cookie secure flag. Connection downgrades make it possible to retrieve session cookies in insecure networks.

As Florian suggested, it would be an improvement if we set the flag when connecting via https.
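The behaviour requested above, sketched as an added example that is not part of this bug report or of the univention-management-console code: the Secure attribute is set only when the request arrived via https, and an audit helper lists cookies that lack it. The function names, the trusted-proxy list and the use of `X-Forwarded-Proto` behind a reverse proxy are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Assumption: addresses of the reverse proxies allowed to assert the client's scheme.
TRUSTED_PROXIES = {"127.0.0.1", "::1"}


def request_is_https(scheme, peer_addr, headers):
    """Return True if the client reached the service over TLS."""
    if scheme == "https":
        return True
    # Believe X-Forwarded-Proto only when the direct peer is a trusted proxy;
    # any other client could send that header itself.
    if peer_addr in TRUSTED_PROXIES:
        return headers.get("X-Forwarded-Proto", "").lower() == "https"
    return False


def session_cookie_header(name, value, secure):
    """Build a Set-Cookie value, adding Secure only for https requests."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    if secure:
        # With Secure set, the browser will not send the cookie over plain
        # http, so a downgraded connection does not expose the session id.
        cookie[name]["secure"] = True
    return cookie[name].OutputString()


def missing_secure(set_cookie_values):
    """Audit helper: names of cookies whose Set-Cookie value lacks Secure."""
    flagged = []
    for raw in set_cookie_values:
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample request: plain http from the local proxy, which
    # reports that the client itself connected via https.
    is_tls = request_is_https("http", "127.0.0.1", {"X-Forwarded-Proto": "https"})
    print(session_cookie_header("sid", "abc123", is_tls))
```
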
Comment 1 Florian Best univentionstaff 2021-06-24 15:04:12 CEST
Backported in:

univention-management-console.yaml
ad550b58c595 | Bug #53511: make it possible to set secure cookies

univention-management-console (11.0.6-14)
ad550b58c595 | Bug #53511: make it possible to set secure cookies
Comment 2 Dirk Wiesenthal univentionstaff 2021-07-01 11:58:09 CEST
Backport: OK
YAML: OK