Overview

A vulnerability scan of the Exinda finds this issue on Exinda devices running version 7.4.9 and below.
HTTP Strict Transport Security (HSTS) makes browsers use HTTPS instead of HTTP to access the devices, making the sessions more secure.

This article addresses an issue where you may find the HSTS option missing from an Exinda web server.

Environment

ExOS 7.4.9 and below.

Root Cause

This feature is not enabled in older versions on Exinda.

Resolution

HSTS has been enabled on the Exinda web servers from version 7.4.10 and above.  Upgrade to version 7.4.10 or above, to fix this issue.