Insecurely generated cookies - Secure | Fluid Attacks Database

Database

Description

The system does not set the Secure attribute for sensitive cookies, which could cause them to be sent through an insecure channel.

Impact

Obtain sensitive information by performing a MiTM attack.

Recommendation

The application must set the Secure attribute in the cookies with sensitive information.

Threat

Unauthorized attacker from adjacent network performing a MitM.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

029 - Cookies with security attributes

Rules

Http Cookie Missing Secure Python Cookie Secure Set False Scala Secure Flag Not Set Java Missing Secure Cookie Flag Java Cookie Serializer Secure False Javascript Session Cookie Secure False Kotlin Cookie Missing Secure Flag Java Cookie Secure Flag False Php Set Cookie Without Secure Flag C Sharp Insecure Cookie Secure Flag False Php Cookie Secure False Default Go Secure Cookie Disabled Java Missing Secure Cookie Flag Servlet Typescript Session Cookie Secure False

Fixes

Csharp Dart Go Java JavaScript/TypeScript Python Ruby Scala