A. Excessive headers:
By default, excessive information about the server and frameworks used by an ASP.NET application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Steemit is unnecessarily exposing the following response headers which divulge its choice of web platform:
- Server: nginx
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
- don’t let your response headers talk too loudly
you can see more information about this bug on :
https://www.troyhunt.com/shhh-dont-let-your-response-headers/
B. Secure cookies
Cookies served over HTTPS but not flagged as "secure" may be sent over an insecure connection by the browser. Often this may be a simple request for an asset such as a bitmap file but if it's on the same domain as the cookie is valid for then it will be sent in an insecure fashion. This poses a risk of interception via a man in the middle attack.
It looks like 2 cookies are being served over HTTPS without the "secure" flag being set (name : value):
- koa:sess :
eyJsYXN0X3Zpc2l0IjoxNDY5NDczMzQzLCJ1aWQiOiJwaGcxOGk4ZmY2NTNnMGZ5anhmdndqeXZpIiwibmV3X3Z
pc2l0Ijp0cnVlLCJzZWNyZXQiOiI2MzEtd000ZFhwSlRRR3dqTnE3NXJPWWQiLCJfZXhwaXJlIjoxNTAwNTc3MzQ0
NTAwLCJfbWF4QWdlIjozMTEwNDAwMDAwMH0 - koa:sess.sig : XPp2VMcxvvYCTGU_RdSXqutfwOo
Unless the cookie needs to be sent over an insecure connection, the "secure" flag should always be set to ensure it can only be sent with an HTTPS request.
you can see more information about this bug on :
https://www.troyhunt.com/c-is-for-cookie-h-is-for-hacker/
I hope admin steemit can fix this bug because the slightest bug can be utilized by people who are not responsible
thnks for attention
I upvoted You
thnks bot :-)