Cookies without the "HTTPOnly & Secure" Attribute

Which IIQ version are you inquiring about?

8.3p1

Please share any images or screenshots, if relevant.

Share all details about your problem, including any error messages you may have received.

Cookies have been found not to contain the “HTTPOnly” attribute.
Cookies without the “HTTPOnly” attribute are allowed to be accessed via JavaScript,
and therefore Cross-site scripting attacks can steal them, which could lead to user
impersonation or compromise of the application account.

Cookies have been found not to contain the “Secure” attribute.
Cookies with the “Secure” attribute are only permitted to be sent via HTTPS. Cookies
sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user
impersonation or compromise of the application account.

In the current assessment, the Vulnerability team has been able to identify that some of the cookies implemented do not contain the “HTTPOnly” & “Secure” attributes and could lead to session hijacking attacks and sniffing attacks.

Could you please help us add these in the SailPoint environment?

Thanks
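As an added example (not part of the original post or of any SailPoint code), here is a small Python check that parses Set-Cookie headers and reports which cookies lack the HttpOnly and Secure attributes the assessment describes; the header values are constructed samples, not captured from a real deployment.

```python
"""Audit Set-Cookie headers for the HttpOnly and Secure attributes (RFC 6265)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class CookieFinding:
    name: str           # cookie name from the name=value pair
    missing: list[str]  # required attributes that were not present


def parse_set_cookie(header: str) -> tuple[str, set[str]]:
    """Split a Set-Cookie value into the cookie name and its attribute names.

    Attribute names are case-insensitive, so they are normalised to lowercase;
    values (Path=/app, Max-Age=3600) are dropped because only presence matters here.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_set_cookie(header: str,
                     required: tuple[str, ...] = ("HttpOnly", "Secure")) -> CookieFinding:
    """Return the cookie name and which of the required attributes are missing."""
    name, attrs = parse_set_cookie(header)
    missing = [attr for attr in required if attr.lower() not in attrs]
    return CookieFinding(name, missing)


def audit_headers(headers: list[tuple[str, str]]) -> list[CookieFinding]:
    """Audit every Set-Cookie header in a (name, value) header list."""
    return [audit_set_cookie(v) for n, v in headers if n.lower() == "set-cookie"]


# Constructed sample response headers (hypothetical, not from any real system).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=abc123; Path=/app; HttpOnly; Secure"),
    ("Set-Cookie", "prefs=dark; Path=/app"),
    ("Set-Cookie", "csrf=xyz; Path=/; Secure; SameSite=Strict"),
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        status = "ok" if not finding.missing else "missing " + ", ".join(finding.missing)
        print(f"{finding.name}: {status}")
```

The same function can be fed the header list from any HTTP client to verify a fix; in Servlet 3.0+ containers the session cookie's HttpOnly and Secure flags are set through the session-config/cookie-config element of the application's web.xml.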