[Openstack-security] [Bug 1369870] Re: The cookies for messages, django_timezone, horizon_pagesize, and horizon_language are not marked as "secure"
Zhang Yun
zhangyun at cn.ibm.com
Mon Sep 29 02:43:31 UTC 2014
Ok, if no sensitive information here, please close this bug, thanks.
--
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1369870
Title:
The cookies for messages, django_timezone,horizon_pagesize, and
horizon_language are not marked as "secure"
Status in OpenStack Dashboard (Horizon):
New
Bug description:
Affected URL: https://Ip_address/settings/
Affected Entity: messages, django_timezone, horizon_pagesize, and horizon_language
Risk: It may be possible to steal user and session information (cookies) that was sent during an encrypted session
Causes: The web application sends non-secure cookies over SSL
Recommend Fix: Add the 'Secure' attribute to all sensitive cookies
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1369870/+subscriptions
More information about the Openstack-security
mailing list