Symptoms
A PCI scan reports the following vulnerability on port 2087 (the WHM secure port).
Web Server Predictable Session ID Vulnerability
Description
When a cPanel login page is loaded with a session cookie that no longer corresponds to a live session, cPanel rewrites that cookie to a fixed value (for example, "expired") rather than leaving the stale identifier in the browser. This invalidates every remembered login for that cookie, so the user gets a clean login attempt, the browser cannot loop on a saved session that the server has already discarded, and a stale cookie replayed by someone else cannot be used to resume the session.
Because the value is a constant, a PCI scanner's "predictable session ID" check may flag it. The cookie is not a session identifier: its only purpose is to overwrite the previously used cookie after a failed or expired authorization. Once the user authenticates successfully, cPanel issues a new, randomly generated session cookie with the Secure attribute.
Workaround
Report the finding to the scan vendor as a false positive, citing the invalidation cookie that was flagged, for example:
Set-Cookie: roundcube_sessid=expired
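Before disputing the finding, it helps to confirm that the flagged cookie is the fixed invalidation value described above and not a genuine session identifier. The following script is an added example, not cPanel's code: it takes the raw response headers of the login page (captured with something like `curl -skI -b 'roundcube_sessid=bogus' https://host:2087/`, an assumed invocation) and classifies each Set-Cookie header as an invalidation sentinel, a real session token, or a value that deserves a closer look. The cookie names and values in the embedded sample other than `roundcube_sessid=expired` are invented for the example, as are the sentinel list and the length and entropy thresholds.

```python
"""Triage Set-Cookie headers from a "predictable session ID" scanner finding.

Added example, not part of cPanel. Feed it the raw response headers of the
login page and it reports which cookies are fixed invalidation sentinels
(a false positive for the scanner) and which carry a real session token.
"""
import math
import re
from collections import Counter

# Assumed conventional sentinel values that servers use to overwrite a
# stale cookie; cPanel's "expired" is the one the article describes.
SENTINEL_VALUES = {"expired", "deleted", "", "0"}

MIN_TOKEN_LENGTH = 16   # assumed threshold: shorter values are suspicious
MIN_TOKEN_BITS = 64     # assumed threshold: estimated entropy of the whole value


def shannon_entropy_bits(value: str) -> float:
    """Estimated bits of entropy per character, from the value's own character frequencies."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_set_cookie(line: str):
    """Return (name, value, {attribute_lowercase: attribute_value}) for one Set-Cookie header."""
    body = re.sub(r"^set-cookie:\s*", "", line.strip(), flags=re.I)
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # flag attrs (Secure, HttpOnly) map to ""
    return name.strip(), value.strip(), attrs


def classify_set_cookies(raw_headers: str) -> dict:
    """Map each cookie name in the response to a verdict string."""
    verdicts = {}
    for line in raw_headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, value, attrs = parse_set_cookie(line)
        # A constant value or Max-Age=0 is an invalidation, not a session ID.
        if value.lower() in SENTINEL_VALUES or attrs.get("max-age") == "0":
            verdicts[name] = "invalidation sentinel: fixed value, not a session ID (false positive)"
            continue
        # Anything else is treated as a candidate session token and checked for
        # length, estimated entropy, and the attributes a session cookie should carry.
        total_bits = shannon_entropy_bits(value) * len(value)
        if len(value) < MIN_TOKEN_LENGTH or total_bits < MIN_TOKEN_BITS:
            verdicts[name] = "short/low-entropy value: treat as a real predictability finding"
        elif "secure" not in attrs or "httponly" not in attrs:
            verdicts[name] = "session token missing Secure/HttpOnly attribute"
        else:
            verdicts[name] = "session token: adequate length/entropy, Secure and HttpOnly set"
    return verdicts


# Constructed sample response: the cPanel sentinel plus two invented cookies.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Set-Cookie: roundcube_sessid=expired; path=/; secure; HttpOnly
Set-Cookie: whostmgrsession=4f1e9c2b7a8d30e6f5b1c9a2d7e8f0136b4c5d2e; path=/; secure; HttpOnly
Set-Cookie: tracking=abc123; path=/
"""

if __name__ == "__main__":
    for cookie_name, verdict in classify_set_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie_name}: {verdict}")
```

The entropy estimate is only a sanity check on the value the server actually sent; it cannot prove a generator is unpredictable, but it is enough to separate a constant such as "expired" from a randomly generated token when writing up the false-positive dispute.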