InVision: Sensitive information in cookies

2014-05-31T14:26:36
ID H1:14274
Type hackerone
Reporter coolboss
Modified 1970-01-01T00:00:00

Description

I observed sensitive information stored in cookies.

eg. This are my extracted cookies.

█████

You can clearly see user's email-id in the cookie ███████

You should not pass sensitive information in cookies. If cookies are stolen, this will result in compromising data of user.

If you have more questions, you may ask for.

Thank You, Pranav