PAM Browser and Cookies

book

Article ID: 16979

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM) CA Privileged Access Manager (PAM)

Issue/Introduction



My Web Page is issuing a session cookie to control the login process.

Is the CA PAM browser capable of handling such session cookies?

Environment

Release: PAMCOA99500-3.0.1-PAM-Management Console-OVA Appliance
Component:

Resolution

Currently by design, for security reasons the CA PAM Browser does not allow persistent session cookies.

The cookie issued by the Web-site remains valid in the life time of this PAM Browser session only.

Having persistent cookies, can let another PAM user use that session cookie to access the previously used session of another user which creates a vulnerability.