06-Oct-2021 12:17
Hi Friends ,
How we can resolve this vulnerability flaw on f5 :
CWE ID 614 -- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute -- PD-H-SESSION-ID
07-Oct-2021
00:14
- last edited on
04-Jun-2023
19:17
by
JimmyPackets
Hi ,
you could use an iRule to add the Secure flag to the cookie.
when HTTP_RESPONSE {
set ckname "mycookie"
if { [HTTP::cookie exists $ckname] } {
HTTP::cookie secure $ckname enable
}
}
Just replace mycookie with the name of your cookie.
KR
Daniel
26-Oct-2021 14:51
Thanks