[Openstack-security] [Bug 1369870] Re: The cookies for messages, django_timezone, horizon_pagesize, and horizon_language are not marked as "secure"
Gary W. Smith
gary.w.smith at hp.com
Tue Sep 23 20:05:40 UTC 2014
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1369870
Title:
The cookies for messages, django_timezone,horizon_pagesize, and
horizon_language are not marked as "secure"
Status in OpenStack Dashboard (Horizon):
Incomplete
Bug description:
Affected URL: https://Ip_address/settings/
Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session
Causes: The web application sends non-secure cookies over SSL
Recommend Fix: Add the 'Secure' attribute to all sensitive cookies
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1369870/+subscriptions
More information about the Openstack-security
mailing list