Cookies are used to manage state, handle logins, or track you for advertising purposes, and they should be kept safe. The process involved in setting a cookie is:-
Each request to the website sends the cookies along with the request. The significant vulnerability with cookies is:-
Cookies are not protocol specific. That is, a cookie set on the HTTPS website will also be accessible on the HTTP version.
This vulnerability can lead to a vast spectrum of cookie-related attacks. Cookies without the Secure flag will be sent via less secure routes, which will, in turn, lead to loss of sensitive data.
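The check below is an added example, not part of the original page: it parses `Set-Cookie` header values and reports cookies that lack the `Secure` attribute, alongside a substring search that is fooled when "secure" appears in a path or value. The function names and the sample headers are constructed for illustration.

```python
# Constructed Set-Cookie header values (sample data, not from a real site).
SAMPLE_HEADERS = [
    "session=9f2c; Path=/; Secure; HttpOnly",   # Secure attribute present
    "sid=abc123; Path=/secure; HttpOnly",       # "secure" only inside the path
    "theme=secure; Max-Age=3600",               # "secure" only as the value
    "auth=tok; path=/; SECURE; SameSite=Lax",   # attribute written in upper case
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise to lower case.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(header_values):
    """Names of cookies whose attribute list has no Secure attribute."""
    missing = []
    for header_value in header_values:
        name, attrs = parse_set_cookie(header_value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


def naive_missing_secure(header_values):
    """Substring search, shown for contrast: it overlooks 'sid' and 'theme'."""
    return [
        hv.partition("=")[0].strip()
        for hv in header_values
        if "secure" not in hv.lower()
    ]


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"{cookie}: no Secure attribute, also sent over plain HTTP")
```
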
Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-
Edit the config file of the server and add the following:-