Description

You can require the forms authentication cookie from your Web-based applications to use SSL. By setting the requireSSL attribute of the element to true, ASP.NET applications will use a secure connection when transmitting the authentication cookies to the Web server.

Remediation

To require SSL for authentication cookies, set the value of the requireSSL attribute of the element to true.

Example:

Related Vulnerabilities

PHP allow_url_include enabled

Magento Cacheleak

TLS/SSL certificate key size too small

Apache Cassandra Unauthorized Access Vulnerability

H2 console publicly accessible

Severity

Medium

Classification

CWE-319 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N

Tags

Configuration