CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-614

  • Abstraction: Variant
  • Structure: Simple
  • Status: Draft
Weakness Name

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Description

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
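A check for this weakness over captured Set-Cookie response headers, as an added example that is not part of the CWE entry. The name pattern used to decide which cookies count as sensitive and the sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: cookie names matching this pattern are treated as sensitive.
# Adjust it to the session/auth cookie names your application really uses.
SENSITIVE_NAME = re.compile(r"(sess|sid|auth|token|jwt)", re.IGNORECASE)


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def find_insecure_cookies(set_cookie_values, is_sensitive=None):
    """Return names of sensitive cookies set without the Secure attribute."""
    if is_sensitive is None:
        is_sensitive = lambda n: bool(SENSITIVE_NAME.search(n))
    findings = []
    for raw in set_cookie_values:
        name, _value, attrs = parse_set_cookie(raw)
        # Only the attribute list counts: a cookie whose *value* happens to be
        # the string "secure" is still sent over plain HTTP.
        if is_sensitive(name) and "secure" not in attrs:
            findings.append(name)
    return findings


# Constructed sample of Set-Cookie values from an HTTPS response.
SAMPLE = [
    "JSESSIONID=abc123; Path=/; HttpOnly",                      # missing Secure
    "auth_token=eyJ0; Path=/; SECURE; HttpOnly; SameSite=Lax",  # ok, any case
    "sid=secure; Path=/",                                       # value, not attribute
    "theme=dark; Path=/",                                       # not sensitive
]

if __name__ == "__main__":
    for cookie in find_insecure_cookies(SAMPLE):
        print(f"CWE-614: sensitive cookie {cookie!r} set without Secure")
```

The fix for each finding is to add the Secure attribute where the cookie is issued, so the user agent only returns it over HTTPS.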

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Related Weaknesses
Related Alerts
  • Release Date: 2007-05-07
  • Latest Modification Date: 2023-06-29