Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrNyeoooEC44BCBA-AE7F-497A-851E-8165ECF56945
HistorySep 08, 2023 - 2:10 p.m.

Cookie without Secure flag

2023-09-0814:10:50
nyeooo
www.huntr.dev
4
website access
login
dev-tool
sensitive cookies
secure flag
bug bounty

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Description

Access and login to the website.

Press F12 on your keyboard or right-click on the website to open dev-tool.

At Application tab, choose Cookies and there are some sensitive cookies without Secure flag.

Proof of Concept

https://docs.google.com/document/d/1YVviy1mBrbc8Z2PaSizfaoDrTkW0bPlg0nv3WF_hSVQ/

-you can see i use https but the secure is still false/uncheck-

Related

cve 1
cnvd 1
github 1
osv 2
veracode 1
nvd 1
prion 1
cvelist 1
openvas 1
cve
cve
CVE-2023-5866
2023-10-31 01:15:07
cnvd
cnvd
phpMyFAQ Information Disclosure Vulnerability
2023-11-02 00:00:00
github
github
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
2023-10-31 03:31:22
osv
osv
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
2023-10-31 03:31:22
CVE-2023-5866
2023-10-31 01:15:07
veracode
veracode
Insecure Session Management
2023-11-01 14:47:44
nvd
nvd
CVE-2023-5866
2023-10-31 01:15:07
prion
prion
Session fixation
2023-10-31 01:15:00
cvelist
cvelist
CVE-2023-5866 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq
2023-10-31 00:00:42
openvas
openvas
phpMyFAQ < 3.2.1 Multiple Vulnerabilities
2023-11-02 00:00:00

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON
Related for EC44BCBA-AE7F-497A-851E-8165ECF56945
cve1cnvd1github1osv2veracode1nvd1prion1cvelist1openvas1