VAPT errors and how to fix them?

Cryptospy · August 12, 2025, 1:03pm

i am in 7-8 month older version of cockpit, but ondoing Vulnerability Assessment and Penetration Testing by my client, they found

PII Disclosure
stored xss and xss through file upload ,
CSRF Token Reuse,
Authentication Bypass via Response Manipulation
Session Hijacking,

are any of these these resolved in latest version? if not guide to fix them

Note it was a plain installation , with little to no customization.

artur · August 13, 2025, 4:21pm

which version are you on?

artur · August 13, 2025, 4:26pm

It would also make sense the share the findings privately or do an assessment in general against a newer version

Cryptospy · August 16, 2025, 11:52am

okay i am sending you the reports today

Topic		Replies	Views
Cannot reach cockpit in deployed app Support	4	949	October 16, 2018
Uuuups, something went wrong General	1	717	January 15, 2019
Upgrade 0.13.0 -> 0.5.5 Support	1	1137	April 25, 2018
SOLVED - Error Unauthorized on API requests Support	1	1733	February 19, 2019
Can't login after installation Support	2	766	September 25, 2020