Laravel-cookie-not-encrypted
Laravel cookie not encrypted
The application appears to have removed the cookie encryption middleware from its middleware stack. Laravel's EncryptCookies middleware encrypts and authenticates (MACs) every outgoing cookie and discards any incoming cookie that fails to decrypt, so without it every cookie the application sets is readable and modifiable by whoever holds it. If the application relies on cookie contents for authentication or session state, this can lead to a Cross-site request forgery (CSRF) vulnerability: an attacker can trick users into sending authenticated HTTP requests without their knowledge from any arbitrary domain they visit. Prevent this by encrypting cookies whenever they carry session data or other sensitive values. To enable the middleware, add \App\Http\Middleware\EncryptCookies to the web middleware group in your App\Http\Kernel class (Laravel 10 and earlier; Laravel 11 moved middleware configuration to bootstrap/app.php, where the default web group already includes cookie encryption). Cookies listed in the middleware's $except property are still sent in plaintext, so review that list as well.
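The following is an added example, not CodeAnt's or Laravel's own code. It shows the weakened app/Http/Kernel.php web group beside the corrected one for Laravel 10 and earlier, an EncryptCookies subclass whose $except list is kept to non-sensitive cookies, and a controller that illustrates why the middleware matters: with encryption in place a client-forged plaintext cookie fails to decrypt and is read back as null instead of being trusted. The cookie names (theme, role) and the controller are hypothetical; the Laravel 11 bootstrap/app.php line in the final comment is given from the framework docs as an assumption and is not something this rule inspects.

```php
<?php
// ---- app/Http/Kernel.php (Laravel 10 and earlier) ----------------------
namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    protected $middlewareGroups = [
        // VULNERABLE: the line below was commented out or deleted, so every
        // cookie is sent in plaintext and anything the client sends back is
        // trusted as-is. This is the shape the rule flags.
        //
        // 'web' => [
        //     // \App\Http\Middleware\EncryptCookies::class,
        //     \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        //     \Illuminate\Session\Middleware\StartSession::class,
        //     \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        //     \App\Http\Middleware\VerifyCsrfToken::class,
        //     \Illuminate\Routing\Middleware\SubstituteBindings::class,
        // ],

        // FIXED: EncryptCookies is the first middleware in the web group,
        // so cookies are decrypted before the session starts and encrypted
        // on the way out.
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
}

// ---- app/Http/Middleware/EncryptCookies.php ----------------------------
namespace App\Http\Middleware;

use Illuminate\Cookie\Middleware\EncryptCookies as Middleware;

class EncryptCookies extends Middleware
{
    // Cookies named here bypass encryption entirely. Only list values you
    // would be happy for the user to read and rewrite (e.g. a UI theme),
    // never anything that influences authorization or session handling.
    protected $except = [
        'theme',
    ];
}

// ---- app/Http/Controllers/ProfileController.php (hypothetical) ---------
namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cookie;

class ProfileController extends Controller
{
    public function show(Request $request)
    {
        // Issued by the app earlier, e.g. Cookie::queue('role', 'user', 60).
        // With EncryptCookies active, the stored value is ciphertext plus a
        // MAC. A client that replaces it with the plaintext "admin" gets a
        // DecryptException inside the middleware, which replaces the cookie
        // with null, so the check below cannot be forged from the browser.
        // Without the middleware, $request->cookie('role') returns whatever
        // the client chose to send.
        $role = $request->cookie('role');

        if ($role === null) {
            // Missing or tampered cookie: fall back to the safe default.
            $role = 'guest';
        }

        return view('profile.show', ['role' => $role]);
    }
}

// Laravel 11 and later have no app/Http/Kernel.php; the equivalent setting
// lives in bootstrap/app.php and cookie encryption is on by default (the
// exact API is quoted from the framework docs as an assumption):
//
//   ->withMiddleware(function (Middleware $middleware) {
//       $middleware->encryptCookies(except: ['theme']);
//   })
```

Treat the $except list as an allow-list of cookies that carry no trust: any name added there is effectively a client-controlled string, exactly the condition the vulnerable Kernel above creates for every cookie at once.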
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control