OC Security Observation JSESSION AUTH

Article ID: 216328
Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

We were able to identify that the JSESSIONID value did not change before and after authentication.

UIM 20.3.3 with no hot fixes applied

URL:

 

Recommendation

Change the JSESSIONID value immediately after successful authentication, and also ensure that session IDs time out after a set period of inactivity.
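The two controls in that recommendation, shown together in an added Python illustration (this is not UIM or wasp code, and the `SessionStore` class, the `_check_credentials` stand-in and the sample credentials are constructed for the example): an anonymous session is created before login, the old ID is discarded and a fresh one issued on successful authentication, and any session unused for longer than the idle timeout is rejected and purged.

```python
import hmac
import secrets
import time

# Idle timeout in seconds; 1800 mirrors the 30-minute expiry in the article's config.
IDLE_TIMEOUT_SECS = 1800


def _check_credentials(username, password):
    # Constructed stand-in for a real credential check (not how UIM verifies logins).
    expected = {"alice": "correct horse battery staple"}
    return username in expected and hmac.compare_digest(expected[username], password)


class SessionStore:
    """Minimal server-side session table (constructed example).

    `clock` is injectable so idle expiry can be exercised without sleeping.
    """

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECS, clock=time.monotonic):
        self._sessions = {}  # session_id -> {"user": str|None, "last_seen": float}
        self._idle_timeout = idle_timeout
        self._clock = clock

    def create(self):
        """Anonymous, pre-authentication session (e.g. the one the login form runs in)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._clock()}
        return sid

    def lookup(self, sid):
        """Return the session, or None if it is unknown or idle-expired.

        Expired sessions are purged rather than merely ignored, so a stale ID
        can never be revived by a later request.
        """
        data = self._sessions.get(sid)
        if data is None:
            return None
        now = self._clock()
        if now - data["last_seen"] > self._idle_timeout:
            del self._sessions[sid]
            return None
        data["last_seen"] = now  # any valid request resets the inactivity clock
        return data

    def authenticate(self, sid, username, password):
        """On successful login, retire the pre-auth ID and issue a new one.

        Returns the new session ID, or None on failure. The old ID stops working
        immediately, so an ID observed or planted before login grants nothing.
        """
        data = self.lookup(sid)
        if data is None or not _check_credentials(username, password):
            return None
        del self._sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": username, "last_seen": self._clock()}
        return new_sid


if __name__ == "__main__":
    store = SessionStore()
    before = store.create()
    after = store.authenticate(before, "alice", "correct horse battery staple")
    print("pre-auth id :", before)
    print("post-auth id:", after)
    print("id changed after login:", before != after)
    print("old id still valid:", store.lookup(before) is not None)
```

The check described in the Issue section is the first two lines of the `__main__` block: capture the session ID before login, log in, and confirm the ID returned afterwards is different and that the old one no longer resolves to a session.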

Environment

Release : 20.3

Component : UIM - SECURITY VULNERABILITIES

Resolution

This is already part of UIM 20.3.3 and is configurable in the wasp.cfg file.

    oc.jwt.autogeneratetoken = true
    oc.jwt.issuer = CA Broadcom
    oc.jwt.expiryInSecs = 1800
    oc.jwt.refreshInterval = 120