View Issue Details

ID: 0008888
Project: Mantis BT @ CentOS
Category: website
View Status: public
Last Update: 2018-05-07 10:38
Reporter: till
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Summary: 0008888: Enforce HTTPS for bugs.centos.org
Description: bugs.centos.org uses password authentication with authentication cookies. If using it on insecure networks, for example at conferences, the account information can easily be read by nearby attackers. Therefore please:

1) Redirect all access to bugs.centos.org to https
2) Use HSTS, ideally for all of centos.org: https://hstspreload.appspot.com/
3) Protect all cookies from unencrypted submission via the secure flag
Tags: No tags attached.
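
The three requests in the description can be verified from captured response headers. The following is an added example, not part of the original report or of the CentOS configuration; the host name, cookie name and header captures are constructed sample data.

```python
from urllib.parse import urlsplit

def header_values(headers, name):
    """All values of a header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]

def hsts_max_age(value):
    """max-age in seconds from an HSTS header value, 0 if absent or invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0

def insecure_cookies(headers):
    """Names of cookies whose Set-Cookie line lacks the Secure attribute."""
    names = []
    for line in header_values(headers, "Set-Cookie"):
        parts = [p.strip() for p in line.split(";")]
        if "secure" not in (p.lower() for p in parts[1:]):
            names.append(parts[0].split("=", 1)[0])
    return names

def audit(host, http_resp, https_resp):
    """Each response is (status, [(header, value), ...]); returns findings."""
    findings = []
    status, headers = http_resp
    loc = urlsplit((header_values(headers, "Location") or [""])[0])
    # 1) plain HTTP must redirect to the same host over https
    if status not in (301, 302, 307, 308) or loc.scheme != "https" or loc.hostname != host:
        findings.append("no-https-redirect")
    # 2) HSTS only counts on the HTTPS response; max-age=0 clears the policy
    sts = header_values(https_resp[1], "Strict-Transport-Security")
    if not sts or hsts_max_age(sts[0]) == 0:
        findings.append("no-hsts")
    # 3) every cookie must carry the Secure flag
    for label, resp in (("http", http_resp), ("https", https_resp)):
        findings += [f"cookie-without-secure:{label}:{n}" for n in insecure_cookies(resp[1])]
    return findings

# Constructed captures: the site before and after the requested changes.
HOST = "bugs.example.org"
BEFORE_HTTP = (200, [("Set-Cookie", "SESSION=abc123; path=/; HttpOnly")])
BEFORE_HTTPS = (200, [("Set-Cookie", "SESSION=abc123; path=/; HttpOnly")])
AFTER_HTTP = (301, [("Location", "https://bugs.example.org/")])
AFTER_HTTPS = (200, [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                     ("Set-Cookie", "SESSION=abc123; path=/; Secure; HttpOnly")])
```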

Activities

arrfab

2018-02-20 08:22

administrator   ~0031256

Can we close this bug report?
arrfab

2018-05-07 10:38

administrator   ~0031724

Bugs triage, and HSTS was enabled, as well as automatic redirection to HTTPS.

Issue History

Date Modified Username Field Change
2015-06-10 20:21 till New Issue
2018-02-20 08:22 arrfab Status new => feedback
2018-02-20 08:22 arrfab Note Added: 0031256
2018-05-07 10:38 arrfab Status feedback => resolved
2018-05-07 10:38 arrfab Resolution open => fixed
2018-05-07 10:38 arrfab Note Added: 0031724