Javascript Sensitive Info In Cookie
Description
Detects when sensitive information is stored in browser cookies using JavaScript code. This can expose confidential data to malicious actors since cookies are stored client-side and can be accessed or modified by attackers.
Detection Strategy
• Identifies JavaScript code that writes potentially sensitive data to cookies
• Analyzes cookie operations to check if they contain sensitive information like passwords, tokens, or authentication data
• Reports vulnerabilities when sensitive information is stored directly in cookie values
• Examines cookie settings and parameters for proper security configurations
Vulnerable code example
import { ActivatedRoute } from '@angular/router';
import { CookieService } from 'ngx-cookie-service';
export class LoginComponent {
  constructor(
    private route: ActivatedRoute,
    private cookieService: CookieService
  ) {...

✅ Secure code example
import { OnInit } from '@angular/core';
import { ActivatedRoute } from '@angular/router';
import { CookieService } from 'ngx-cookie-service';
export class LoginComponent implements OnInit {
  constructor(
    private route: ActivatedRoute,
    private cookieService: CookieService...
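The detection strategy above (find cookie write sinks, check whether the written name or value looks sensitive, and check the cookie's security attributes) can be sketched as a small line-based scanner. The block below is an added illustration written for this page; it is not Fluid Attacks' analyzer and not code from the ngx-cookie-service project. The regexes, the `scanSource`/`report` function names, and the `SAMPLE` source it scans (a constructed fragment shaped like the truncated Angular login component above) are all assumptions made here. It runs under plain Node.js with no dependencies.

```javascript
'use strict';

// Name fragments that suggest a secret is being written to a cookie.
// Deliberately broad (substring match, so "author" also hits "auth");
// a real analyzer would track data flow instead of matching names.
const SENSITIVE = /pass(word|wd)?|pwd|token|jwt|secret|api[_-]?key|auth|session[_-]?id|ssn/i;

// Cookie write sinks the scanner understands: a document.cookie assignment,
// or a set() call on a variable whose name contains "cookieService"
// (the ngx-cookie-service style used in the examples above).
const SINKS = [
  { sink: 'document.cookie', re: /document\.cookie\s*=\s*(.+)$/ },
  { sink: 'CookieService.set', re: /cookieService\.set\(\s*([\s\S]*)\)/i },
];

// Presence of the Secure attribute, whether written as a raw cookie
// attribute ("; Secure") or as an option ("secure: true"). HttpOnly is
// never checked here because JavaScript cannot set it at all, which is
// itself why secrets do not belong in cookies written from the browser.
const SECURE_FLAG = /\bsecure\b/i;

// Scan JavaScript/TypeScript source line by line and return one record per
// cookie write found: the line number, the sink, whether the name/value
// expression looks sensitive, and whether the Secure attribute is present.
function scanSource(source) {
  const findings = [];
  source.trim().split('\n').forEach((text, idx) => {
    for (const { sink, re } of SINKS) {
      const m = text.match(re);
      if (!m) continue;
      const expr = m[1]; // the cookie name/value expression being written
      findings.push({
        line: idx + 1,
        sink,
        sensitive: SENSITIVE.test(expr),
        secureFlag: SECURE_FLAG.test(expr),
        text: text.trim(),
      });
      break; // one sink per line is enough for this illustration
    }
  });
  return findings;
}

// Reduce the raw records to what a reviewer must act on: a secret written to
// a cookie (high), or a cookie written without the Secure attribute (low).
function report(findings) {
  return findings
    .filter((f) => f.sensitive || !f.secureFlag)
    .map((f) => ({
      line: f.line,
      severity: f.sensitive ? 'high' : 'low',
      message: f.sensitive
        ? `sensitive data written to a cookie via ${f.sink}`
        : `cookie written via ${f.sink} without the Secure attribute`,
    }));
}

// Constructed sample input (not from the page): a token read from the route
// and dropped into a cookie, a password written to document.cookie, and two
// benign writes (a theme and a locale) that must not be reported.
const SAMPLE = `
const token = this.route.snapshot.queryParamMap.get('token');
this.cookieService.set('auth_token', token);
document.cookie = 'password=' + form.password;
document.cookie = 'theme=dark; Secure; SameSite=Strict';
this.cookieService.set('locale', 'en', { secure: true, sameSite: 'Strict' });
`;

for (const r of report(scanSource(SAMPLE))) {
  console.log(`line ${r.line} [${r.severity}] ${r.message}`);
}
```

Running it reports lines 2 and 3 of the sample as high severity and stays silent on the theme and locale cookies. The scanner only shows the shape of the check; the fix the page points at is not to write the token or password into a cookie from JavaScript in the first place, but to let the server set any session cookie with HttpOnly, Secure and SameSite, so client-side script never holds the secret.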