ADC Vulnerability: pwcount Cookie Missing HTTP Only Flag

Article ID: CTX306546

Description

A customer is failing a PCI scan because the ADC Gateway server's pwcount cookie is reported without the HttpOnly flag set.

Resolution

Rewriting ADC-generated cookies is not supported; see https://docs.citrix.com/en-us/citrix-adc/current-release/getting-started-with-citrix-adc/load-balancing/force-secure-and-httponly-cookie-options.html
In addition, the pwcount cookie must be readable by the Gateway's JavaScript, which uses it to generate the secondary password field, so it cannot be marked HttpOnly. The cookie does not store any sensitive information.
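When triaging a scanner report like this one, it helps to separate cookies that are missing HttpOnly by design (because client-side script must read them, as with pwcount) from cookies that are simply misconfigured. The following is an added example, not Citrix code: a small Set-Cookie audit that applies an allowlist of script-required cookie names and still reports a missing Secure flag on every cookie. The sample header values are constructed for illustration.

```python
"""Audit Set-Cookie headers for missing HttpOnly/Secure flags.

Added example, not Citrix code. Sample headers below are constructed.
"""
from typing import Dict, List, NamedTuple


class CookieFlags(NamedTuple):
    name: str
    httponly: bool
    secure: bool


def parse_set_cookie(header: str) -> CookieFlags:
    """Parse one Set-Cookie header value into its name and flag state."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; value-less attributes like HttpOnly
    # and Secure are just their name.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return CookieFlags(name, "httponly" in attrs, "secure" in attrs)


# Cookies that client-side script must read, so HttpOnly cannot be set on them.
# pwcount is the cookie this article documents; a scan finding on it is expected.
JS_REQUIRED = {"pwcount"}


def audit(headers: List[str], js_required=JS_REQUIRED) -> Dict[str, List[str]]:
    """Return findings keyed by cookie name.

    A missing HttpOnly on a script-required cookie is reported as
    'httponly-expected' rather than as a defect; a missing Secure flag is
    always reported because nothing on the page justifies omitting it.
    """
    findings: Dict[str, List[str]] = {}
    for h in headers:
        c = parse_set_cookie(h)
        issues = []
        if not c.httponly:
            issues.append("httponly-expected" if c.name in js_required else "missing-httponly")
        if not c.secure:
            issues.append("missing-secure")
        if issues:
            findings[c.name] = issues
    return findings


if __name__ == "__main__":
    # Constructed sample Set-Cookie values, not captured from a real gateway.
    SAMPLE = [
        "sessionid=abc123; Secure; HttpOnly; Path=/",
        "pwcount=2; Secure; Path=/",
        "tracking=xyz; Path=/",
    ]
    for cookie, issues in audit(SAMPLE).items():
        print(f"{cookie}: {', '.join(issues)}")
```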

Issue/Introduction

A customer is failing a PCI scan because the NetScaler Gateway server's pwcount cookie is reported without the HttpOnly flag set.