search-cookie-secure-false-ini-config
The Secure cookie flag is explicitly disabled. This causes cookies to be transmitted over unencrypted HTTP connections, which can allow theft of confidential user data such as session tokens.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration
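A minimal INI checker for the condition this rule describes, written as an added example (it is not the rule's own implementation). The key-name pattern, the set of "false" spellings and the sample file are assumptions made for illustration.

```python
import configparser
import re

# Assumption: the option name ends in "cookie_secure", "cookie.secure",
# "session.secure" or similar. Adjust to the framework being audited.
SECURE_KEY = re.compile(r"(cookie|session)[._-]?secure$", re.IGNORECASE)
FALSY = {"0", "false", "off", "no"}  # assumed spellings of "disabled"


def find_disabled_secure_flags(ini_text):
    """Return (section, key, value) for every Secure option explicitly turned off."""
    parser = configparser.ConfigParser(
        interpolation=None,              # treat '%' in values literally
        strict=False,                    # tolerate duplicate keys (last one wins)
        delimiters=("=",),
        inline_comment_prefixes=(";",),
    )
    parser.optionxform = str             # report keys in their original case
    # Keys that appear before any [section] header land in a synthetic section.
    parser.read_string("[__top__]\n" + ini_text)

    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if value is None or not SECURE_KEY.search(key):
                continue
            if value.strip().strip("\"'").lower() in FALSY:
                findings.append((section, key, value))
    return findings


# Constructed sample input, not taken from any real deployment.
SAMPLE_INI = """\
debug = false
[Session]
session.cookie_secure = 0   ; explicitly disabled
session.cookie_httponly = 1
[app:main]
session.secure = False
remember.cookie_secure = true
"""

if __name__ == "__main__":
    for section, key, value in find_disabled_secure_flags(SAMPLE_INI):
        print(f"[{section}] {key} = {value}  (CWE-614: Secure flag disabled)")
```

The checker reports only options that are present and set to a false value, matching the rule's "explicitly disabled" wording; a missing option is not flagged.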