Cookie without 'Secure' flag but protected by HSTS

OWASP 2013-A5 OWASP 2017-A6 WSTG-CONF-07 CWE-614 WASC-15

Cookies are used to manage state, handle logins or to track you for advertising purposes, and should be kept safe. The steps involved in setting a cookie are:-

  1. The server asks your browser to set a cookie.
  2. It gives a name, a value and other parameters (attributes such as Path, Secure and HttpOnly).
  3. The browser stores the data on disk or in memory, depending on the cookie type.

Each request to the website sends the cookies along with the request. The significant vulnerabilities with cookies are:-

  • Cookies are not protocol specific. That is, a cookie set on the HTTPS version of a website will also be sent to the HTTP version of the same site unless the Secure flag is set.

  • Cookies can be accessed by JavaScript in the browser. If an attacker manages to run malicious JavaScript on the website, for example through XSS, then the cookies can be read by the attacker unless the HttpOnly flag is set.

This vulnerability can lead to a vast spectrum of cookie-related attacks. A cookie without the Secure flag may be transmitted over unencrypted HTTP, which in turn can lead to loss of sensitive data.

Impact

By exploiting this vulnerability, an attacker can:-

  • leak information about the application’s users. This can cause a major data breach.
  • possibly manipulate the sensitive information sent between the server and the client.

Mitigation / Precaution

Beagle recommends the following fixes:-

Edit the configuration file of the server so that every Set-Cookie header carries the HttpOnly and Secure attributes. For example, on Apache httpd with mod_headers enabled, the following directive rewrites each Set-Cookie header on the way out:-

        Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
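As an added illustration (not part of this Beagle article), the check below audits the Set-Cookie headers of a response for the Secure and HttpOnly flags, reports whether HSTS is present, and shows the same flag-appending rewrite the server directive performs. The response headers are constructed sample data, not captured from any real site.

```python
from typing import Dict, List, Tuple

# Constructed sample response headers for the demonstration.
SAMPLE_HEADERS: List[Tuple[str, str]] = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "tracker=xyz; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]


def parse_set_cookie(value: str) -> Tuple[str, Dict[str, object]]:
    """Split a Set-Cookie value into the cookie name and its attributes (keys lower-cased)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True  # flag attribute such as Secure or HttpOnly
    return name, attrs


def audit_cookies(headers: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Return {cookie_name: [missing flags]} for every Set-Cookie header in the response."""
    findings: Dict[str, List[str]] = {}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        findings[name] = [flag for flag in ("secure", "httponly") if flag not in attrs]
    return findings


def hsts_enabled(headers: List[Tuple[str, str]]) -> bool:
    """True when the response carries a Strict-Transport-Security header."""
    return any(key.lower() == "strict-transport-security" for key, _ in headers)


def harden_set_cookie(value: str) -> str:
    """Append HttpOnly and Secure when absent, as the server-side Header edit rule does."""
    _, attrs = parse_set_cookie(value)
    hardened = value.rstrip("; ")
    if "httponly" not in attrs:
        hardened += "; HttpOnly"
    if "secure" not in attrs:
        hardened += "; Secure"
    return hardened
```

Even with HSTS present, a cookie that lacks Secure is still reported, since HSTS only covers hosts the browser has already seen the policy for.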
