
  • I think I found it.

    http://koji.clearos.com/koji/taskinfo?taskID=24146

    If you can, please test this on your environments by updating clearos-framework from updates-testing and let me know if this fixes your issues:

    yum --enablerepo=clearos-updates-testing update clearos-framework

    This is related to some issue that we needed to address to validate that cookies were only fetchable/sendable via HTTPS. There is no http method but that doesn't mean that on a penetration test (pen test) the capabilities of the Apache server will still register a complaint. So if you have a pen test run against ClearOS it will read the abilities from the Apache service (webconfig) and inform you that the site allows for http only cookies. This is a false positive since there is no non-SSL available except to localhost (gconsole) which doesn't kill you with a certificate warning because it actually accesses Webconfig via HTTP via localhost. This is the only place that that is bound.

    Nevertheless, I reported the pen test and this was put through as a patch. And it seems to work in many conditions because when you launch the console, it comes up; the problem is that if it doesn't go directly to the network.php page it will try to log you in. It is when it tries to do a login function that the cookie thing comes up and since you don't have one, you cannot access the site.

    Let me know if the build fixes it for you and we will push this through generally. The other issue that exists is that since this package is part of the DVD installer, it is possible (though rare) that a user could encounter this bug if they do certain things on their system before the updates occur. As such we will need to release a 7.6.1 DVD ISO.