Vulnerability "Session Cookie Does Not Contain the Secure Attribute" observe on Management center

search cancel

Vulnerability "Session Cookie Does Not Contain the Secure Attribute" observe on Management center

book

Article ID: 281397

calendar_today

Updated On:

Products

Management Center Management Center - VA

Issue/Introduction

In the Vulnerability assessment (VA) of the Management center device, the Vulnerability "Session Cookie Does Not Contain the Secure Attribute" is observed.

Environment

This might be possible if the HTTP service (Web management) is enabled on the Management center device.

Resolution

To close this VA point, It is necessary to disable HTTP web management in the Management center and restart the management-center service.

Execute the following commands to disable HTTP web management.

MC#configure terminal
MC(config)# security http disable
MC(config)#exit
MC#system-services restart management-center

The "system-services restart management-center" command is needed to restart web services which will disable the HTTP console.

Additional Information

During the restart of the management-center service, GUI/ Web console of the Management center device won't be available for use. Once the service is restarted successfully, GUI/Web console will be available for use.

Feedback

thumb_up Yes

thumb_down No