Session ID Leakage via Referer Header

Description

A malicious hyperlink can potentially leak sensitive session IDs by exposing the target URL within the Referer header.

Recommendation

To mitigate this risk, ensure that any sensitive session IDs are isolated and secured within a cookie or token. Additionally, consider implementing referer blocking or rewriting to prevent sensitive information from being exposed.

Written by

Anandhu Krishnan

Lead Engineer