CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-614

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description: The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data

Related Weaknesses: CWE-319Cleartext Transmission of Sensitive InformationHigh

Related Alerts: Cookie Without Secure FlagLow

Release Date:
2007-05-07

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard