Configuration Management / SSL/TLS Cookie without Secure Flag
SSL/TLS cookie without Secure flag is a vulnerability that occurs when an application sets a cookie that belongs to an SSL/TLS-protected session without the Secure attribute, so the browser will also send the cookie in clear text over an unencrypted HTTP connection. This is a configuration management vulnerability, classified in the CWE directory as CWE-614. The OWASP Testing Guide describes the vulnerability as “cookies sent in the clear over unencrypted channels”.
The risk posed by this vulnerability is that an unprotected cookie, such as a session identifier, can be intercepted on the network by a malicious actor and used to gain access to sensitive user data or to the application itself. This can lead to theft of credentials, data breaches, or other malicious activity.
The solution to this vulnerability is to make sure that SSL/TLS cookies are set with the Secure attribute enabled. This instructs the browser to send the cookie only over a secure, encrypted connection. Additionally, developers should ensure that any cookies set have their Path and Domain attributes set correctly, and that any sensitive data stored in a cookie is encrypted.
// Without Secure Flag
Set-Cookie: sessionid=abc123

// With Secure Flag
Set-Cookie: sessionid=abc123; Secure
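As an added example (not code from the original page), the following Python helper audits a response's Set-Cookie headers for the Secure attribute and builds a correctly flagged cookie with an explicit Path and Domain; the header values and the example.com domain are constructed for illustration.

```python
# Added example: detect cookies set without the Secure attribute and show the
# hardened form. Sample headers below are constructed, not captured from a real app.
from http.cookies import SimpleCookie


def parse_set_cookie(header_value: str) -> tuple[str, set[str]]:
    """Split a raw Set-Cookie value into (cookie name, lower-cased attribute names).

    RFC 6265 attribute names are case-insensitive, so 'secure', 'Secure' and
    'SECURE' all count as the same flag. Attribute values are not needed here.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(headers: list[tuple[str, str]]) -> list[str]:
    """Return the names of every cookie in a response that lacks the Secure attribute."""
    missing = []
    for field, value in headers:
        if field.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


def build_session_cookie(name: str, value: str, domain: str) -> str:
    """Build a Set-Cookie value with Secure set and explicit Path and Domain."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["secure"] = True   # browser sends it only over HTTPS
    cookie[name]["path"] = "/"
    cookie[name]["domain"] = domain
    return cookie[name].OutputString()


# Constructed response headers: the first cookie is the vulnerable case from the
# page, the second shows that a lower-case flag is still honoured.
SAMPLE_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123"),
    ("Set-Cookie", "prefs=dark; Path=/; secure"),
]

if __name__ == "__main__":
    print("cookies without Secure:", cookies_missing_secure(SAMPLE_RESPONSE_HEADERS))
    print("hardened header:", build_session_cookie("sessionid", "abc123", "example.com"))
```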