Cookie without Secure Flag
Impact: Low
Description
Without the Secure flag, a cookie is transmitted over unencrypted HTTP connections as well as HTTPS, so an attacker positioned on the network path (a man-in-the-middle, MitM) can intercept it. A cookie carrying the Secure flag is sent to the server only in encrypted requests over HTTPS, ensuring its confidentiality and integrity in transit.
Recommendation
Always set the Secure flag on cookies, and in particular on those carrying sensitive information such as session tokens or user credentials. This ensures that the cookies are transmitted only over secure, encrypted connections, mitigating the risk of interception by attackers.
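As an added example (not part of the original page), the following Python audit parses a Set-Cookie header value, reports a cookie that lacks the Secure flag, and produces the corrected header. The parser is a minimal attribute split rather than a full RFC 6265 implementation, and the sample headers are constructed.

```python
# Added example: audit Set-Cookie headers for the Secure flag (minimal parser, not RFC 6265-complete).
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class CookieAudit:
    name: str
    attrs: Dict[str, str]
    findings: List[str] = field(default_factory=list)

    @property
    def secure(self) -> bool:
        # Attribute names are case-insensitive; they are lower-cased by the parser.
        return "secure" in self.attrs


def parse_set_cookie(header: str) -> CookieAudit:
    """Split a Set-Cookie value into the cookie name and its lower-cased attributes."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")  # flags like 'Secure' have no value
        attrs[key.strip().lower()] = value.strip()
    return CookieAudit(name=name, attrs=attrs)


def audit_set_cookie(header: str) -> CookieAudit:
    """Flag a cookie that the browser would also send over plain HTTP."""
    cookie = parse_set_cookie(header)
    if not cookie.secure:
        cookie.findings.append(f"cookie '{cookie.name}' lacks the Secure flag")
    return cookie


def add_secure_flag(header: str) -> str:
    """Return the header with '; Secure' appended when it is absent (the recommended fix)."""
    if parse_set_cookie(header).secure:
        return header
    return header.rstrip("; ") + "; Secure"


# Constructed sample headers for illustration, not captured from a real application.
WEAK = "sessionid=abc123; Path=/; HttpOnly"
FIXED = "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, FIXED):
        print(header, "->", audit_set_cookie(header).findings or ["OK"])
```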
References
- CWE-16
- CWE-614
- MDN Web Docs: Secure cookie
- OWASP 2021-A5
- OWASP: Secure Cookie Flag
- OWASP: Session Management Cheat Sheet
- Wikipedia: Man-in-the-middle attack
Last updated on May 13, 2024