Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrSl4x05915ED4C-5FE2-42E7-8FAC-5DD0D032727C
HistoryNov 18, 2022 - 11:14 a.m.

TLS Cookie without `secure` flag at https://roy.demo.phpmyfaq.de

2022-11-1811:14:28
sl4x0
www.huntr.dev
18
tls
cookie
secure flag
session token
http
network traffic
vulnerability
attack
remediation
cwe-614

0.001 Low

EPSS

Percentile

48.7%

JSON

Description

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function. This issue was found in multiple locations under the reported path.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie’s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain that issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.
To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim’s network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user’s ISP or the application’s hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet’s core infrastructure.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute

PoC

Related

veracode 1
prion 1
nvd 1
cvelist 1
osv 2
cve 1
github 1
openvas 1
veracode
veracode
Information Disclosure
2022-12-13 02:45:36
prion
prion
Session fixation
2022-12-11 15:15:00
nvd
nvd
CVE-2022-4409
2022-12-11 15:15:10
cvelist
cvelist
CVE-2022-4409 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
2022-12-11 00:00:00
osv
osv
phpMyFAQ has insecure HTTP cookies
2022-12-11 15:30:44
CVE-2022-4409
2022-12-11 15:15:10
cve
cve
CVE-2022-4409
2022-12-11 15:15:10
github
github
phpMyFAQ has insecure HTTP cookies
2022-12-11 15:30:44
openvas
openvas
phpMyFAQ < 3.1.9 Multiple Vulnerabilities
2022-12-12 00:00:00

0.001 Low

EPSS

Percentile

48.7%

JSON
Related for 5915ED4C-5FE2-42E7-8FAC-5DD0D032727C
veracode1prion1nvd1cvelist1osv2cve1github1openvas1