Insecurely generated cookies
Description
The system does not set security attributes for sensitive cookies, which could cause them to be sent in plain text or disclosed by unauthorized users on the client side.
Impact
Send plain text session cookies through insecure channels.
Recommendation
The application must set the corresponding security attributes when cookies are generated.
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 15 minutes.
Requirements
029 - Cookies with security attributesRules
Typescript Path Undefined In Session CookieJava Data Leak Through Persistent CookieJava Cookie Without ValidationC Sharp Session Cookie InjectionJavascript Sensitive Info In CookieTypescript Sensitive Info In CookieC Sharp Insecure Cookie GenerationJavascript Insecurely Generated CookiesRuby Short Session KeyJavascript Path Undefined In Session CookieTypescript Insecure Cookie Generation