SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-11-22 21:38:00
Tags: #Firmware Update #ssl/tls
Model: EAP245  
Hardware Version: V3
Firmware Version: EAP245(US)_V3_5.1.0 Build 20230104

Having these errors for a couple of EAP 245 access points. They are showing up as vulnerable and there are no new firmware updates. Any news on fixes or firmware updates? Hasn't been one since February 2023.

 

  0      
  0      
#1
Options
11 Reply
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-11-24 03:04:28

 @rogerrabbit 

 

Set the 'secure' attribute for any cookies that are sent over a SSL/TLS connection. Search "SSL/TLS Missing 'secure' Cookie AttributeSSL/TLS" on the Google.

Just striving to develop myself while helping others.
  0  
  0  
#2
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-11-24 16:10:23

  @Virgo 

Thank you for your assistance. I'm wondering if that will fix all of these errors.

  0  
  0  
#3
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-11-30 06:59:22

  @rogerrabbit 

 

Any updates?

Just striving to develop myself while helping others.
  0  
  0  
#4
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-05 22:09:51

  @Virgo 

 

I've spent tons of time researching and can't come up with a fix for this at the moment. 

  0  
  0  
#5
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-06 06:08:24

Hello @rogerrabbit,

 

Thank you so much for taking the time to report the issue to our community!

 

What software did you use to scan and get these error messages?

Did you have any reports when you scan or get the error message?

 

rogerrabbit wrote

They are showing up as vulnerable and there are no new firmware updates.

 

In which procedure you encounter these error message?

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#6
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-06 20:33:17

  @Hank21 

 

Just a network scanning device during a vulnerability scan. Too bad this is an eap245. 

  0  
  0  
#7
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-07 02:19:08

Hi @rogerrabbit

 

Could you elaborate on the network scanning device? Could you tell us the model number or the software name?

Could you share the full screenshot of the vulnerability scan procedure?

It is hard to locate the issue based on the information you current provide.

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#8
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-07 14:25:57

  @Hank21 

 

I'm not sure what software it is. It's a 3rd party company that provides equipment. Here's some more info if it helps.

 

  0  
  0  
#9
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2023-12-21 08:58:32 - last edited 2023-12-21 09:00:50

Hi, i'm using the EAP 610 and used openvas for the scan and can confirm the statements. It is a shame that you cannot store your own HTTPS certificate in the management interface. I'm not even sure if you can disable or redirect the HTTP server on the web interface. I am currently trying to move the management interface to a separate VLAN and hang it behind a proxy. So far the web interface behind the HAProxy is not working yet. Website opens empty after the login... but maybe that strategie helps u too.

 

OpenVAS Scann

  0  
  0  
#10
Options
Re:SSL/TLS Missing 'secure' Cookie Attribute, Report Weak Cipher Suites, Cleartext Transmission
2024-01-10 16:03:28

  @rogerrabbit 

I get the same erros from openvas on my EAP653 and EAP650-Wall

  0  
  0  
#11
Options

Information

Helpful: 0

Views: 1048

Replies: 11

Tags

Related Articles