laravel-cookie-not-encrypted
The application appears to have disabled the cookie encryption middleware, which can lead to a cross-site request forgery (CSRF) vulnerability. If the application uses cookie-based authentication, an attacker can trick users into sending authenticated HTTP requests without their knowledge from any arbitrary domain they visit. You can prevent this vulnerability by encrypting cookies if you use them to handle sessions or store sensitive data. To enable the cookie encryption middleware, add \$APP\Http\Middleware\EncryptCookies to the middleware group in your $APP\Http\Kernel class.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control
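The remediation described above, as an added example that is not part of the rule or of any project's code. It assumes the default App namespace in place of $APP and an application that still registers middleware in app/Http/Kernel.php; the commented "disabled" form is a constructed illustration.

```php
<?php
// app/Http/Kernel.php
// Assumption: default "App" namespace and a Kernel-based middleware layout.

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * Disabled form (constructed illustration): the 'web' group with the
     * EncryptCookies entry removed or commented out, e.g.
     *
     *     'web' => [
     *         // \App\Http\Middleware\EncryptCookies::class,
     *         \Illuminate\Session\Middleware\StartSession::class,
     *         ...
     *     ],
     *
     * Corrected form below: EncryptCookies is registered and listed first,
     * so incoming cookies are decrypted before StartSession and
     * VerifyCsrfToken read them, and outgoing cookies are encrypted
     * before the response leaves the application.
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
}
```

When reviewing a finding, also check the $except list in App\Http\Middleware\EncryptCookies: any cookie name listed there is sent unencrypted even with the middleware enabled.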