Insecurely generated cookies - SameSite | Fluid Attacks Database

Database

Description

The applications cookies are generated without properly setting the SameSite attribute.

Impact

Perform a malicious request via a CSRF attack.

Recommendation

The application must set the SameSite attribute in the cookies with sensitive information.

Threat

Attacker from Internet network performing a CSRF attack.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

029 - Cookies with security attributes

Rules

Http Cookie Samesite Not Initialized Javascript Insecure Samesite Cookie Attribute Java Cookie Samesite None Typescript Insecure Samesite Cookie Attribute Java Cookie Samesite None Header Config Files Cookie Samesite None Go Insecure Samesite Cookie Attribute Php Insecure Samesite Cookie Attribute C Sharp Cookie Samesite None Set Java Samesite None Set Go Gin Insecure Samesite Cookie Attribute Python Cookie Samesite None Set

Fixes

Csharp Dart Go Java JavaScript/TypeScript Php Python Ruby Scala