Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Doctrine
- Lang
- Security
- Security
- Audit
- Injection
- Search-active-debug
- Search-cookie-secure-false-ini-config
- Taint-cookie-http-false
- Taint-cookie-secure-false
- Taint-unsafe-echo-tag
- Tainted-code-execution
- Tainted-command-injection
- Tainted-curl-injection
- Tainted-path-traversal
- Tainted-url-to-connection
- Tainted-url-to-guzzle-client
- Tainted-url-to-httpful
- Tainted-user-input-in-php-script
- Tainted-user-input-in-script
- Xml-external-entities-unsafe-entity-loader
- Xml-external-entities-unsafe-parser-flags
- Laravel
- Secrets
- Symfony
- Wordpress-plugins
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Taint-cookie-secure-false
Taint cookie secure false
Secure cookie flag is explicitly disabled. This will cause cookies to be transmitted over unencrypted HTTP connections which can allow theft of confidential user data such as session tokens.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-614: Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute
OWASP:
- A05:2021 - Security Misconfiguration