Closed aleksibovellan closed 5 months ago
@aleksibovellan Hey, I had the same issue, but I fixed it by adding this configuration: opensearch_security.cookie.secure: true
to the /etc/wazuh-dashboard/opensearch_dashboards.yml
file and then just restart wazuh-dashboard
I also fixed another issue with wazuh-indexer (SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability) by adding -Djdk.tls.ephemeralDHKeySize=2048
to the /etc/wazuh-indexer/jvm.options
file. After that, I restarted the wazuh-indexer and the vulnerability disappeared.
Hope it helps!
Hi @godunko-v , thank you so much for your reply and time. Those solutions indeed worked, as you've already found out. Amazing work right there, and results were confirmed with OpenVAS. Hopefully these additions could be included in the official future releases of Wazuh Docker too. I'll to comment this great SSL/TLS solution of yours to the other issue I filed in this repository also.
All the best and thanks again!! -Aleksi
The secure cookie issue was resolved by @godunko-v with adding: "opensearch_security.cookie.secure: true" into Wazuh Docker's host machine file: "..wazuh-docker/single-node/config/wazuh_dashboard/opensearch_dashboards.yml" and then downing-upping the docker.
I couldn't find a way to fix this myself in any of the config files, so here is an OpenVAS scan result, if it might interest someone. Thanks.
wazuh.dashboard
443/tcp
Thu, Mar 28, 2024 9:39 AM UTC Summary The remote HTTP web server / application is missing to set the 'Secure' cookie attribute for one or more sent HTTP cookie.
The cookie(s): set-cookie: security_authentication=; Max-Age=replaced; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Path=/
is/are missing the "Secure" cookie attribute.