Description
The absence of the Secure flag in cookies allows them to be transmitted over unencrypted connections, making them vulnerable to interception by attackers conducting man-in-the-middle (MitM) attacks. A cookie with the Secure flag is only sent to the server with encrypted requests over HTTPS, ensuring its confidentiality and integrity.
Recommendation
To enhance security, always set the Secure flag for cookies, especially for those containing sensitive information such as session tokens or user credentials. This ensures that the cookies are only transmitted over secure, encrypted connections, mitigating the risk of interception by attackers.
References
- OWASP: Secure Cookie Flag
- OWASP: Session Management Cheat Sheet
- Wikipedia: Man-in-the-middle attack
- MDN Web Docs: Secure cookie
- CWE-16
- CWE-614
- OWASP 2021-A5
Related Issues
- Session Cookie without Secure Flag - Vulnerability
- Public-Key-Pins Header is Set - Vulnerability
- Session Cookie without HttpOnly Flag - Vulnerability
- ASP.NET Version Disclosure - Vulnerability
- Tags:
- HTTP Headers
- SSL/TLS
- Cookie
- Man-in-the-middle Attack
- Application Misconfiguration
Anything's wrong? Let us know Last updated on May 13, 2024