Mantis < 1.1.4 HTTPS Session Cookie Secure Flag Weakness

2008-11-03T00:00:00
ID 4694.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

The remote server is running Mantis, a bug-tracking application. This version of Mantis is vulnerable to a flaw where cookies set over SSL are not marked as 'Secure'. As a result, the browser will also send the cookie with plain HTTP requests, exposing it in cleartext.

                                        