03-08-2021 05:56 AM
I've managed to get rid of this vulnerability on other ASA5506Xs by enabling the http-only VPN cookie option, but on another one I look after this hasn't cleared the vulnerability.
The greenbone scan returns this:
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_portal=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnSharePoint=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: samlPreauthSessionHash=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: acSamlv2Error=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=***replaced***; path=/; secure
are missing the "httpOnly" attribute.
Does anyone know how I sort these out? The firewall's clock is correct so not sure where those expiry dates are coming from.
I did see this exact issue was a bug in the OS last year but this firewall is on version 9.8(4)32.
12-13-2021 01:41 PM
Hi There,
Did you ever find a fix for this, as I have a single 5506 that is displaying this exact issue, while others are fine? Currently on firmware 9.14(3)15.
02-04-2022 05:46 AM
No.
I've just had to ignore the result on greenbone.
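An added example, not part of the thread or of any Cisco or Greenbone code: a small Python audit of Set-Cookie headers that reports the HttpOnly and Secure flags and marks headers with an empty value and a past expiry, which is the standard way a server tells the browser to delete a cookie and so carries no value to protect. The sample lines are constructed from the scan output quoted above; `example_sid` is a hypothetical cookie added for contrast.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the scan output quoted in the thread.
SAMPLE = [
    "Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure",
    "Set-Cookie: webvpnlogin=***replaced***; path=/; secure",
    "Set-Cookie: example_sid=abc123; path=/; secure; HttpOnly",  # hypothetical
]

def parse_set_cookie(line):
    """Split one Set-Cookie header into (name, value, attrs dict)."""
    body = line.split(":", 1)[1] if line.lower().startswith("set-cookie:") else line
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs

def is_deletion(value, attrs, now=None):
    """True when the header clears a cookie: empty value plus an expiry in the past."""
    now = now or datetime.now(timezone.utc)
    if value:
        return False
    try:
        exp = parsedate_to_datetime(attrs.get("expires", ""))
    except (TypeError, ValueError):
        return False  # no parseable Expires attribute
    if exp.tzinfo is None:
        exp = exp.replace(tzinfo=timezone.utc)
    return exp < now

def audit(lines):
    """Return one finding per header, separating live cookies from deletions."""
    findings = []
    for line in lines:
        name, value, attrs = parse_set_cookie(line)
        findings.append({
            "name": name,
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
            "deletion": is_deletion(value, attrs),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In the quoted scan output only `webvpnlogin` carries a value; the other six headers match the deletion pattern.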