Cookie set without 'Secure' flag

By
Manieendar Mohan
Published on
19 Jun 2018
1 min read
Vulnerability
Cookies Attributes

Cookies are used to manage state, handle logins or to track you for advertising purposes and should be kept safe. The process involved in setting cookie are:-

  1. The server asks your browser to set a cookie.
  2. It gives a name, value and other parameters.
  3. Browser stores the data in disk or memory. This feature depends on the cookie type.

If a secure flag is set in a cookie, then the browsers will not submit the cookie in through an unencrypted HTTP connection. This prevents the cookie from being intercepted by an attacker monitoring the communication. If the secure flag is not set, then the cookie will be transmitted as a clear-text to the user. An attacker can exploit this vulnerability by sending the end users with malicious links. An attacker can use links of the form http://example.beaglesecurity.com:777/ to perform a malicious attack on the user.

An attacker can successfully attack a user if he gets access to the communication channel. This attack is possible when an end user accesses a website through public access points such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defences such as switched networks are not sufficient to prevent this. An attacker situated in the user’s ISP or the application’s hosting infrastructure could also perform this attack.

Impact

Using this vulnerability, an attacker can.

  • redirect the user to a malicious site to steal information/data.
  • show user false data which will, in turn, affect the credibility of the website.

Mitigation / Precaution

Beagle recommends that the secure flag should be set on all cookies transmits sensitive data. Especially when accessing content over HTTPS. The user session tokens should never be transmitted over unencrypted communications. If the cookies transmit session tokens, the application that is accessed over HTTPS should employ a session handling mechanism.

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Manieendar Mohan
Manieendar Mohan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.