Snorby / snorby

Ruby On Rails Application For Network Security Monitoring

cookies not secure #449

Open petersutty opened 8 years ago

petersutty commented 8 years ago

Hi, recently I did a Qualys scan on our IDS built on Snorby and it reported the following:

THREAT: The cookie does not contain the "secure" attribute.

IMPACT: Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.

RESULTS:
url: https://10.99.6.2/users/login
Payload: N/A
matched: _snorby_session= BAh7B0kiD3Nlc3Npb25faWQGOgZFVEkiJTI3YTU4YzM5ZmQ5YjZmZTdhMGRlNmU3YzdiM2UwMmE3BjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMWZHWFJlVW56M25uL2 vZ0d2ZmhYd0lsYUczMHpQaSs1d2p4TjNsS2wxOTQ9BjsARg%3D%3D--883a0151d4742883f30d1f9a6610c889db11a738; path=/; domain=10.99.6.2; httponly

Would that be easy to fix - a simple config change? Thanks, Peter

petersutty commented 5 years ago

/opt/snorby/config/initializers/session_store.rb

# Original setting: the session cookie is issued without the Secure flag
Snorby::Application.config.session_store :cookie_store, :key => '_snorby_session'

# Changed setting: the Secure flag tells the browser to send the cookie over HTTPS only
Snorby::Application.config.session_store :cookie_store, :key => '_snorby_session', secure: true
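As an added example (not Snorby's code or part of the issue), the following Ruby script parses Set-Cookie headers the way the scanner finding above does and reports session cookies that lack the Secure or HttpOnly attribute; the sample headers are constructed, with the real cookie value replaced by a placeholder, and the `_session` name pattern is an assumption.

```ruby
# Added example: audit Set-Cookie headers for missing Secure / HttpOnly flags.
# Not part of Snorby; sample headers below are constructed for illustration.

# Attributes a session cookie served over HTTPS should carry.
REQUIRED_ATTRIBUTES = %w[secure httponly].freeze

# Parse one Set-Cookie header value into its name, value and attributes.
# Attribute names are downcased; flag attributes (no "=value") map to true.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, value = pair.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, h|
    k, v = attr.split("=", 2)
    h[k.downcase] = v.nil? ? true : v
  end
  { name: name, value: value, attributes: attributes }
end

# Return the required attributes a parsed cookie is missing, e.g. ["secure"].
def missing_attributes(cookie)
  REQUIRED_ATTRIBUTES.reject { |a| cookie[:attributes].key?(a) }
end

# Scan a list of Set-Cookie headers and return one finding per session cookie
# that lacks a required attribute. The name pattern is an assumption.
def audit_cookies(headers, session_pattern: /_session\z/)
  headers.map { |h| parse_set_cookie(h) }
         .select { |c| c[:name] =~ session_pattern }
         .map { |c| { cookie: c[:name], missing: missing_attributes(c) } }
         .reject { |f| f[:missing].empty? }
end

# Constructed sample: the first header mirrors the scanner finding (value
# replaced by a placeholder); the second is what Rails emits with secure: true.
SAMPLE_HEADERS = [
  "_snorby_session=PLACEHOLDER--PLACEHOLDER; path=/; domain=10.99.6.2; httponly",
  "_snorby_session=PLACEHOLDER--PLACEHOLDER; path=/; domain=10.99.6.2; secure; httponly",
].freeze

if __FILE__ == $0
  audit_cookies(SAMPLE_HEADERS).each do |f|
    puts "#{f[:cookie]}: missing #{f[:missing].join(', ')}"
  end
end
```

With `secure: true` the browser will never send the session cookie over plain HTTP, so the change assumes Snorby is only reached via HTTPS.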