LRVT
Hey @dcooper16, when I use OpenSSL specifically, the RC4 cipher checks will not work, as those are not enabled for OpenSSL anymore in newer versions. I assume I would have...
Hi @dcooper16, basically the same host: ```` testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de ```` In my case, this leads to the following warning: ```` RC4 (CVE-2013-2566, CVE-2015-2808) Local problem:...
> Hi @dcooper16,
>
> basically the same host:
>
> ```
> testssl.sh --rc4 --ip one --fast --openssl=/usr/bin/openssl https://leibniz-gwzo.de/de
> ```
>
> In my case, this leads to...
Yeah definitely. Just wanted to start the discussion whether the endpoints are intended to be exposed. Ping and health are typically exposed and ok, I agree. Just listed all. Not...
Also make sure to set cookie flags like `SameSite` and `HttpOnly` for the cookies `refreshToken` and `accessToken`. https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes
> Is this issue still open? Anyone working on it?

I've never heard back. Would assume this is still an issue.
Your custom location basically broke the nginx config somehow. Take a look at the config itself for your proxy host and try to understand why it's malformed. Maybe you can...
+1 good idea
> I had this issue and checked the admin.log file. The bitwarden container wasn't able to talk to my mariadb container. Easily fixed by adding the bitwarden container to the...
> I was able to reproduce this easily.
> I believe it is caused by renaming the containers in the docker-compose.yml. My guess is something inside the bitwarden container looks...