Vinnie Murdico
Comments
Recent activity by Vinnie Murdico
- Update: For the port 2096 login URL, the ASV is now asking: "Can your organization confirm adherence to PCI DSS Requirement 8.2.8, which states "If a user session has been idle for more than 15 min...
- Thanks so much for that detailed explanation. I think I have a better grasp on the subject now. :)
- Ok, thanks.
- Since the ASV seems to want a specific Yes/No answer as to whether the insecure cookies (from my other question) are used to start or maintain an authenticated session, before I post a response to ...
- I reported this information as a false positive, and they responded asking the same question (essentially saying they want a yes or no answer regardless of the reason): "Can your organization confir...
- Ok, thanks! I'll pass this along as a false positive and see what happens.
- Thanks! While I don't fully understand how cookies cause redirect loops, I will pass this along to the scanner vendor as a false positive. Hopefully they'll understand the technical explanation b...
- The ASV responded to my submission of a false positive with the following question: "Thank you for providing that information. Can your organization confirm that each of the cookies as cited in the ...
- Ok, I understand. I'll try reporting it as a false positive. Generally they want to know why it's a false positive and not a security issue. So I guess the answer is that "those links on port 2083...
- Thanks! I just tried those steps, but modifying the premain include section as directed caused hosted websites to no longer show images (403 errors) on all pages, so I backed it out and the sites ...