Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness

ID 4694.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


The remote server is running Mantis, a bug-tracking application. This version of Mantis is affected by a flaw in which cookies passed over SSL are not marked as 'Secure'. As a result, the cookie can be requested over HTTP and sent in plaintext.
