How do you remedy two vulnerabilities on ASA5520?

highmiles2
Level 1

A pen test uncovered three vulnerabilities; I managed to fix one of the three and am trying to resolve the remaining two.

These are ASA 5520s, running code 8.0 and 8.2:

  1. TLS/SSL Renegotiation Allowed - Fixed - Upgraded to 8.2(3) after reading the Cisco vulnerability posted here:
    http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml
  2. Cacheable HTTPS Responses - Not Fixed

    Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.
    Remedy:
    The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow control of the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

    a.       Cache-control: no-store

    b.      Pragma: no-cache

  3. SSL Cookie without Secure Flag - Not Fixed
    Areas within a web application that contain sensitive information or provide access to privileged functionality, such as admin areas, should require session cookies to be sent only over SSL.
    Remedy:
    Ensure that cookies are marked as secure so that they will only be transmitted over an SSL connection.

Any ideas? Thanks
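To confirm whether findings 2 and 3 from the post actually apply to a given HTTPS response (for example one captured from the ASA's web interface in a browser's network tab), the following added check parses the raw response and reports which of the two is present. This is example code, not from the original post or from Cisco; the two sample responses are constructed, not captured from a real appliance.

```python
"""Audit a captured HTTPS response for the two pentest findings discussed above:
cacheable HTTPS responses (no 'Cache-Control: no-store' / 'Pragma: no-cache')
and Set-Cookie headers lacking the Secure flag."""
import http.client
import io

# Constructed sample: a login-page response with both findings present.
WEAK_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: webvpn=abc123; path=/; HttpOnly\r\n"
    b"\r\n"
    b"<html>...</html>"
)

# Constructed sample: the same response with the recommended remedies applied.
FIXED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Cache-Control: no-store\r\n"
    b"Pragma: no-cache\r\n"
    b"Set-Cookie: webvpn=abc123; path=/; Secure; HttpOnly\r\n"
    b"\r\n"
    b"<html>...</html>"
)


def parse_headers(raw: bytes) -> http.client.HTTPMessage:
    """Strip the status line and body, return the header block as an HTTPMessage."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    _status, _, header_block = head.partition(b"\r\n")
    return http.client.parse_headers(io.BytesIO(header_block + b"\r\n\r\n"))


def audit(raw: bytes) -> list[str]:
    """Return the list of findings present in the response (empty when clean)."""
    hdrs = parse_headers(raw)
    findings = []
    cache = (hdrs.get("Cache-Control") or "").lower()
    if "no-store" not in cache:
        findings.append("Cacheable HTTPS response: missing 'Cache-Control: no-store'")
    if (hdrs.get("Pragma") or "").lower() != "no-cache":
        findings.append("Cacheable HTTPS response: missing 'Pragma: no-cache'")
    # Every Set-Cookie must carry the Secure attribute (case-insensitive).
    for cookie in hdrs.get_all("Set-Cookie") or []:
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            name = cookie.split("=", 1)[0].strip()
            findings.append(f"Cookie '{name}' set without the Secure flag")
    return findings
```

Running `audit()` against a real capture tells you which of the scanner's two reports is reproducible before you open the case.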


Panos Kampanakis
Cisco Employee

Please open a case and have these two looked at. We should evaluate more realistically why they were reported and how the test was performed.

PK
