Not Secure Cookie
- CWE 614
Not Secure Cookie occurs when a cookie is set without the Secure attribute. Without it, the browser will also send the cookie over unencrypted HTTP connections to the same host, for example when the user follows an http:// link or a page loads an HTTP sub-resource, so an attacker positioned on the network (a man-in-the-middle) can read the cookie in transit or inject a replacement through a plaintext response. Sensitive values stored in cookies, such as session identifiers, authentication tokens, or personal data, can be exposed or hijacked, leading to unauthorized access or account compromise.
Common patterns leading to insecure cookies:
- Setting session or authentication cookies without the Secure flag.
- Transmitting cookies over HTTP instead of HTTPS.
- Misconfigured web server or framework defaults that do not enforce secure cookie transmission.
- Mixed-content pages that load resources over HTTP alongside HTTPS, since the browser attaches any cookie lacking the Secure flag to those plaintext requests.
Impacts:
- Session Hijacking: Attackers can capture cookies over unencrypted channels to impersonate users.
- Sensitive Data Exposure: Any confidential data stored in cookies can be intercepted.
- Account Compromise: Stolen cookies can be used to gain unauthorized access to accounts.
- Privilege Escalation: Attackers can use intercepted cookies to escalate privileges or bypass authentication.
Detection indicators:
- Cookies returned in HTTP responses without the Secure flag.
- Cookies transmitted over plain HTTP connections.
- Security scanners flagging cookies as not secure.
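The detection indicators above (and the "common patterns" list before them) come down to one check on each Set-Cookie header. The following Python is an added example, not the page's own or any scanner's code: it parses raw Set-Cookie values and reports cookies a browser would send over plain HTTP, treating a cookie set in a plaintext response as exposed regardless of its attributes. The sample headers, the host name app.example.test and the name-hint heuristic are constructed for the demo; parse_set_cookie and audit_cookies are hypothetical names.

```python
"""Flag cookies that a browser would send over plain HTTP.

Added example, not the page's own code. Parses raw Set-Cookie header
values and reports cookies missing the Secure attribute, plus every cookie
set in a plaintext response. Sample headers are constructed for the demo;
the name hints are a hypothetical heuristic.
"""
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit

# Name fragments that usually mark session or auth cookies (hypothetical list).
SENSITIVE_NAME_HINTS = ("sess", "auth", "token", "sid", "jwt")


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)  # attribute names lowercased


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie value of the form name=value; Attr; Attr=value; ..."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def audit_cookies(set_cookie_headers: List[str],
                  response_url: str = "https://app.example.test/") -> List[dict]:
    """Return one finding per cookie exposed to a network attacker.

    A cookie set in a plaintext response is already exposed whatever its
    attributes. Otherwise a cookie without Secure is reported; if its name
    carries the __Secure- or __Host- prefix, browsers reject it outright, so
    the application believes it issued a session cookie that the client
    never stored.
    """
    plaintext = urlsplit(response_url).scheme.lower() == "http"
    findings = []
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        sensitive = any(h in cookie.name.lower() for h in SENSITIVE_NAME_HINTS)
        severity = "high" if sensitive else "low"
        if plaintext:
            issue = "set in a plaintext HTTP response (exposed in transit)"
            severity = "high"
        elif "secure" not in cookie.attrs:
            issue = "missing Secure attribute"
            if cookie.name.startswith(("__Secure-", "__Host-")):
                issue = "prefixed cookie without Secure (browser rejects it)"
                severity = "high"
        else:
            continue  # Secure present and sent over HTTPS: nothing to report
        findings.append({
            "cookie": cookie.name,
            "issue": issue,
            "severity": severity,
            "httponly": "httponly" in cookie.attrs,
            "samesite": cookie.attrs.get("samesite", "(absent)"),
        })
    return findings


# Constructed Set-Cookie headers for the demo (not captured traffic).
SAMPLE_SET_COOKIE = [
    "SESSIONID=9f86d081884c7d65; Path=/; HttpOnly",
    "prefs=theme%3Ddark; Path=/; Max-Age=31536000",
    "__Host-auth=5e884898da28047d; Path=/; Secure; HttpOnly; SameSite=Lax",
    "__Secure-refresh=d7a8fbb307d78094; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_SET_COOKIE):
        print(f"{f['severity'].upper():<5} {f['cookie']}: {f['issue']} "
              f"[HttpOnly={f['httponly']}, SameSite={f['samesite']}]")
```

Run against the sample, the audit reports SESSIONID (high, the likely session cookie), prefs (low) and __Secure-refresh (high, because the browser will silently discard it); __Host-auth passes. Passing an http:// response URL instead flags all four, which is the second indicator in the list.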
Remediation
Mitigation focuses on securing cookie transmission and enforcing encryption:
Set Secure Attribute on Cookies
Mark all session, authentication, and sensitive cookies with the Secure flag so the browser only sends them over HTTPS. Where supported, give such cookies the __Host- name prefix: browsers accept a __Host- cookie only if it carries Secure, has Path=/, has no Domain attribute and is set from a secure origin, so a forgotten flag makes the cookie fail closed instead of shipping it insecurely.
Enforce HTTPS Across the Application
Redirect all HTTP traffic to HTTPS and disable non-secure connections. Send a Strict-Transport-Security header on HTTPS responses so returning browsers never issue the initial plaintext request at all; the Secure flag alone does not stop a user from typing an http:// URL.
Combine Secure with HttpOnly
Use Secure alongside HttpOnly to prevent both network interception and client-side access via scripts. Add SameSite=Lax or Strict to session cookies to limit when they are sent on cross-site requests.
Limit Cookie Scope
Use the Path and Domain attributes to restrict cookie accessibility to intended endpoints. Omit Domain for host-only cookies rather than setting it to the parent domain, which would also expose the cookie to every subdomain.
Review Framework and Server Defaults
Ensure web server and application framework configurations enforce secure cookie transmission by default.
Regular Security Testing
Include checks for missing Secure flags in cookies during penetration tests and automated scans.
Monitor and Audit Cookies
Track HTTP responses and cookie attributes to confirm that sensitive cookies are properly flagged.
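The first four remediation steps above, worked through as an added Python example that is not the page's own or any framework's code: the kind of Set-Cookie header a permissive default emits next to a hardened one, and a WSGI-style helper that redirects plaintext requests to HTTPS and adds Strict-Transport-Security. build_session_cookie, enforce_https, the host app.example.test and the cookie values are all hypothetical, and the helper assumes a trusted TLS-terminating proxy when it honours X-Forwarded-Proto.

```python
"""Hardened session cookie issuance and HTTPS enforcement.

Added example, not the page's own code. build_session_cookie, enforce_https
and the sample host/cookie values are hypothetical.
"""
import re
from typing import Dict, List, Tuple

# What a framework with permissive defaults typically emits: sent over HTTP
# too, readable by script, and shared with every subdomain.
INSECURE_EXAMPLE = "SESSIONID=9f86d081884c7d65; Path=/; Domain=example.test"

# Conservative subset of the RFC 6265 cookie-octet charset:
# no ';', ',', space, double quote or backslash can reach the header.
COOKIE_VALUE_RE = re.compile(r"^[A-Za-z0-9_\-.~%]+$")

# Two years, subdomains included; add "preload" only if you intend to
# submit the site to the HSTS preload list.
HSTS_VALUE = "max-age=63072000; includeSubDomains"


def build_session_cookie(name: str, value: str, *, max_age: int = 3600,
                         same_site: str = "Lax") -> str:
    """Return a Set-Cookie value the browser will only send over HTTPS.

    The __Host- prefix makes the browser enforce the rest: the cookie must
    carry Secure, have Path=/ and no Domain attribute, and be set from a
    secure origin, otherwise it is dropped rather than stored insecurely.
    HttpOnly keeps it away from scripts; SameSite limits cross-site sending.
    """
    if not COOKIE_VALUE_RE.match(value):
        raise ValueError("cookie value must be a plain token")
    if same_site not in ("Lax", "Strict"):
        raise ValueError("session cookies should use SameSite=Lax or Strict")
    if not name.startswith("__Host-"):
        name = "__Host-" + name
    return (f"{name}={value}; Path=/; Max-Age={max_age}; "
            f"Secure; HttpOnly; SameSite={same_site}")


def enforce_https(environ: Dict[str, str]) -> Tuple[str, List[Tuple[str, str]]]:
    """WSGI-style gate: 301 plaintext requests to HTTPS, add HSTS otherwise.

    Returns (status, headers). X-Forwarded-Proto is honoured only because
    this example assumes a trusted TLS-terminating proxy in front of the
    app; with the app exposed directly, a client could spoof that header.
    """
    scheme = environ.get("HTTP_X_FORWARDED_PROTO",
                         environ.get("wsgi.url_scheme", "http")).lower()
    if scheme != "https":
        target = f"https://{environ.get('HTTP_HOST', '')}{environ.get('PATH_INFO', '/')}"
        if environ.get("QUERY_STRING"):
            target += "?" + environ["QUERY_STRING"]
        return "301 Moved Permanently", [("Location", target)]
    return "200 OK", [("Strict-Transport-Security", HSTS_VALUE)]


if __name__ == "__main__":
    print("insecure:", INSECURE_EXAMPLE)
    print("hardened:", build_session_cookie("sid", "9f86d081884c7d65"))
    print(enforce_https({"wsgi.url_scheme": "http", "HTTP_HOST": "app.example.test",
                         "PATH_INFO": "/login", "QUERY_STRING": "next=%2Faccount"}))
```

The value check matters more than it looks: a session token containing a semicolon would otherwise terminate the value early and let attacker-influenced data supply its own attributes. Keep the redirect and the HSTS header together; the redirect fixes the current request, HSTS stops the next plaintext one from ever leaving the browser.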