This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Create Post
arnabmk
Level 9
Wednesday

Missing Secure Flag From SSL Cookie

Hi,

We moved our Orion Web Console from HTTP to HTTPS after a fresh Install of SolarWinds 2020.2. Updated Orion Website from IIS Manager to bind to cert provided by CA. Our security team ran scans and they found the below vulnerabilities.

Missing HttpOnly Flag From Cookie (http-cookie-http-only-flag)
Missing Secure Flag From SSL Cookie (http-cookie-secure-flag)
HTTP OPTIONS Method Enabled (http-options-method-enabled)

I followed the hardening guide (link below) and I am not sure what additional steps are missing. Any Ideas.

Secure Configuration for the Orion Platform (solarwinds.com)

 

 

 

 

0 Kudos
Reply
1 Reply
arnabmk
Level 9
Thursday

Any Update, It seems I am the only one trying to secure the Orion platform in this community.

0 Kudos
Reply

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
© 2021 SolarWinds Worldwide, LLC. All Rights Reserved.