Threat Class: Information Leakage
Reason: The application returned a response that indicates the page should be cached, but not ALL cache control headers are set ("Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache").
Technical Description: Most web browsers are configured by default to cache the user's pages during use. This means that SSL pages are cached as well.
Allowing the web browser to save any SSL information is not recommended, since this information might be compromised when a vulnerability exists.
Risk: It is possible to gather sensitive information about the web application, such as usernames, passwords, machine names and/or sensitive file locations.
Mitigation: Disable caching on all SSL pages or all pages that contain sensitive data.
This can be achieved by using "Cache-Control: no-store" and either "Pragma: no-cache" or "Cache-Control: no-cache" response directives in your SSL page headers.
Cache-Control: private - This directive instructs proxies that the page contains private information, and therefore should not be cached by a shared cache. However, it does not instruct browsers to refrain from caching the pages.
Cache-Control: no-cache - This directive also instructs proxies that the page contains private information, and therefore should not be cached. It also instructs the browser to revalidate with the server to check if a new version is available. This means that the browser may store sensitive pages or information to be used in the revalidation. Certain browsers do not necessarily follow the RFC and may treat no-cache as no-store.
Cache-Control: no-store - This is the most secure directive. It instructs both the proxy and the browser not to cache the page or store it in its cache folders.
Pragma: no-cache - This directive is required for older browsers that do not support the Cache-Control header.
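The rule above ("Cache-Control: no-store" plus either "Pragma: no-cache" or "Cache-Control: no-cache") can be checked mechanically against a response's headers. The following is an added example, not part of the original finding or of any scanner's code; the function names and the sample header sets are constructed for illustration.

```python
# Added example: audit response headers against the rule stated in this finding.
# Function names and sample headers are constructed, not taken from a real tool.

def parse_directives(value):
    """Return the set of lowercase directive names in a header value.

    A qualified no-cache="field" only covers the named fields, so it is
    not counted as a plain no-cache directive.
    """
    names = set()
    for part in value.split(","):
        name, sep, _arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name or (name == "no-cache" and sep):
            continue
        names.add(name)
    return names


def audit_cache_headers(headers):
    """headers: list of (name, value) pairs. Returns findings; empty list = pass."""
    cache_control, pragma = set(), set()
    for name, value in headers:
        key = name.strip().lower()
        if key == "cache-control":      # repeated header lines are combined
            cache_control |= parse_directives(value)
        elif key == "pragma":
            pragma |= parse_directives(value)

    findings = []
    if "no-store" not in cache_control:
        msg = "missing Cache-Control: no-store"
        if "private" in cache_control:
            msg += " (private only restricts shared caches, not the browser)"
        findings.append(msg)
    if "no-cache" not in cache_control and "no-cache" not in pragma:
        findings.append("missing Pragma: no-cache or Cache-Control: no-cache")
    return findings


# Constructed sample responses for a sensitive page.
SAMPLES = {
    "hardened": [("Cache-Control", "no-store, no-cache"), ("Pragma", "no-cache")],
    "private_only": [("Cache-Control", "private, max-age=600")],
    "no_cache_only": [("Cache-Control", "no-cache")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", audit_cache_headers(hdrs) or "OK")
```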
https://preprod.armorcode.ai/#/findings/3505693