CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- Description
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
- Common Consequences
Scope: Confidentiality
Impact: Read Application Data
- Related Weaknesses
- Related Alerts
- Release Date:
- 2007-05-07
- Latest Modification Date:
- 2023-06-29
Free security scan for your website