cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

Missing Secure Flag From SSL Cookie

Hi,

We moved our Orion Web Console from HTTP to HTTPS after a fresh Install of SolarWinds 2020.2. Updated Orion Website from IIS Manager to bind to cert provided by CA. Our security team ran scans and they found the below vulnerabilities.

Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag)
Missing Secure Flag From SSL Cookie (http-cookie-secure-flag)
HTTP OPTIONS Method Enabled (http-options-method-enabled)

I followed the hardening guide (link below) and I am not sure what additional steps are missing. Any Ideas.

Secure Configuration for the Orion Platform (solarwinds.com)

 

 

 

 

0 Kudos
1 Reply
Level 9

Any Update, It seems I am the only one trying to secure the Orion platform in this community.

0 Kudos