CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE ID:

CWE-614

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2007-05-07
Latest Modification Date:2023-06-29

Weakness Name

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Related Weaknesses

CWE-319Cleartext Transmission of Sensitive InformationHigh

Related Alerts

Cookie Without Secure FlagLow

Top Security News

Top CVE List

Common Alerts

HighPath Traversal
MediumInsecure JSF ViewState
HighSource Code Disclosure - CVE-2012-1823
HighServer Side Code Injection - ASP Code Injection
HighSQL Injection - PostgreSQL
MediumExponential Entity Expansion (Billion Laughs Attack)
MediumApache Range Header DoS (CVE-2011-3192)
MediumELMAH Information Leak
InformationalGraphQL Server Implementation Identified
MediumCross-Domain Misconfiguration