Cookies are used to manage state, handle logins or to track you for advertising purposes and should be kept safe. The process involved in setting a cookie is:-
The server asks your browser to set a cookie.
It gives a name, value and other parameters.
Browser stores the data in disk or memory. This feature depends on the cookie type.
If the cookies are not set as secure, the browser will then send the cookie as a plain text through the communication channel. The attacker can intercept this communication to access sensitive information. To exploit this vulnerability, the attacker must position himself at the correct position to eavesdrop the communication. This attack is possible when the user uses an insecure connection like public WiFi or office with a compromised system.
Impact
Using this vulnerability, an attacker can:-
redirect the user to a malicious site to steal information/data.
show user false data which will, in turn, affect the credibility of the website.
Mitigation / Precaution
Beagle recommends the following fixes:-
JAVA - Servlet 3.0 (Java EE 6)
Java supports secure flag in Cookie interface. Methods setSecure and isSecure can be used to set and check for a secure value in cookies.
web.xml
Add the following code in web.xml
<session-config>
<cookie-config>
<secure>true</secure>
</cookie-config>
</session-config>
JAVA - Tomcat
Add a custom header:
String sessionid = request.getSession().getId();
response.setHeader("SET-COOKIE", "JSESSIONID=" + sessionid + "; secure");
ASP.NET
Insert the following in web.config:
: <httpCookies requireSSL="true" />
PHP
Add the following line in php.ini:
session.cookie_secure = True
If the script is via a function.:
bool setcookie ( string $name [, string $value [, int $expire= 0 [, string $path
[, string $domain [, bool $secure= false [, bool $httponly= false ]]]]]] )
