cookie-secure-flag-false
cookie-secure-flag-false
A cookie was detected without setting the ‘secure’ flag. The ‘secure’ flag for cookies prevents the client from transmitting the cookie over insecure channels such as HTTP. Set the ‘secure’ flag by calling ‘$COOKIE.setSecure(true);‘
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration