Platform Usage / Cleartext Storage of Sensitive Information in Cookie

Web and API

Description

Cleartext storage of sensitive information in a cookie occurs when an application writes sensitive data (user names, e-mail addresses, roles, tokens, personal or payment data) into a cookie as plain or merely encoded text, such as base64. Anyone who can read the cookie, whether from the browser's cookie store, from a script running in the page, or from an unencrypted connection, obtains the data directly; no key and no further attack are needed. This weakness is classified as CWE-315 (Cleartext Storage of Sensitive Information in a Cookie, a child of CWE-312, Cleartext Storage of Sensitive Information) and is covered by the OWASP Web Security Testing Guide's cookie and session management tests.

Risk

This vulnerability poses a high security risk. An attacker who obtains the cookie, for example by interception on an unencrypted connection, through cross-site scripting, or from a shared or compromised device, reads the sensitive data immediately and without authenticating. If the cookie carries identity or authorization data such as a user name or role, the attacker can also edit the value and replay it to impersonate another user or escalate privileges, leading to account takeover and, depending on how far the application trusts the cookie, compromise of the data it protects.

Solution

The solution is not to store sensitive information in cookies at all: keep it server-side and give the browser only an opaque, randomly generated session identifier that is looked up on each request. Where data must travel in the cookie, encrypt it with a server-held key using authenticated encryption so it can be neither read nor tampered with. Hashing is not a fix, because a hash cannot be reversed to recover the data the application needs, and encoding such as base64 is not encryption. In addition, set the Secure attribute so the browser never sends the cookie over an unencrypted connection, and the HttpOnly attribute so the cookie is not exposed to script.
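The following Python example is added here to illustrate the description and the solution above; it is not code from the original page. It shows a cookie with the flaw, the same data hidden behind base64 (still readable), the opaque-session-id pattern that removes the problem, and a small check that flags Set-Cookie headers whose value is readable account data. The SENSITIVE_KEYS word list and the in-memory SESSIONS store are simplifications chosen for this example.

```python
"""Added example (not code from the original page): detecting cleartext
account data in Set-Cookie headers, a cookie that has the flaw, and the
opaque-session-id pattern that removes it.  SENSITIVE_KEYS and the
in-memory SESSIONS store are simplifications chosen for this example."""
import base64
import json
import re
import secrets
from http.cookies import SimpleCookie

# Field names that indicate a cookie value carries account data rather
# than an opaque identifier.  Heuristic list for this example only.
SENSITIVE_KEYS = {"user", "username", "email", "role", "password",
                  "ssn", "card", "admin", "token"}


def _readable_fields(value):
    """Return the sensitive field names a reader can recover from a
    cookie value.  The value is inspected as-is and after one round of
    base64 decoding, because encoding is not encryption: a base64 blob
    is as readable to an attacker as the plain text."""
    candidates = [value]
    try:
        padded = value + "=" * (-len(value) % 4)
        candidates.append(base64.urlsafe_b64decode(padded).decode("utf-8"))
    except ValueError:          # not base64, or not text once decoded
        pass
    found = set()
    for text in candidates:
        try:
            obj = json.loads(text)              # JSON object?
            keys = set(obj) if isinstance(obj, dict) else set()
        except ValueError:                      # else key=value pairs
            keys = set(re.findall(r"(\w+)=", text))
        found |= {k for k in keys if k.lower() in SENSITIVE_KEYS}
    return found


def cleartext_sensitive_cookies(set_cookie_header):
    """Map each cookie in one Set-Cookie header to the sensitive fields
    readable in its value.  An empty dict means nothing was flagged."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    findings = {}
    for name, morsel in jar.items():
        fields = _readable_fields(morsel.value)
        if fields:
            findings[name] = sorted(fields)
    return findings


# --- the flaw: account data stored readable in the cookie itself ---
def vulnerable_login_cookie(username, role):
    jar = SimpleCookie()
    jar["profile"] = f"user={username}&role={role}"
    return jar.output(header="").strip()


# --- still the flaw: base64 hides nothing from an attacker ---
def encoded_login_cookie(username, role):
    jar = SimpleCookie()
    payload = json.dumps({"user": username, "role": role}).encode()
    jar["profile"] = base64.urlsafe_b64encode(payload).decode()
    return jar.output(header="").strip()


# --- the fix: only a random identifier leaves the server ---
SESSIONS = {}   # server-side session store (in-memory stand-in)


def hardened_login_cookie(username, role):
    """Keep the sensitive data server-side, keyed by a 256-bit random id.
    Secure keeps the cookie off plaintext HTTP, HttpOnly keeps it away
    from script, SameSite=Strict stops cross-site requests sending it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "role": role}
    jar = SimpleCookie()
    jar["session"] = sid
    jar["session"]["secure"] = True
    jar["session"]["httponly"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar.output(header="").strip()


def session_for_request(cookie_header):
    """Resolve a request's Cookie header to its server-side record.
    Unknown or forged ids return None; nothing in the cookie can be
    edited to change the user or role."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("session")
    return SESSIONS.get(morsel.value) if morsel else None


if __name__ == "__main__":
    for header in (vulnerable_login_cookie("alice", "admin"),
                   encoded_login_cookie("alice", "admin"),
                   hardened_login_cookie("alice", "admin")):
        print(header, "->", cleartext_sensitive_cookies(header) or "clean")
```

Run as a script, the first two headers are flagged with the fields `role` and `user` while the hardened header is reported clean. The check is deliberately a heuristic over field names and one layer of base64; in a real review it belongs alongside decoding of whatever other encodings the application uses, since the question is always whether a holder of the cookie can read the data without a key.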
