Web Application Cookies Not Marked Secure

Nessus Plugin ID 85602

Synopsis

HTTP session cookies might be transmitted in cleartext.

Description

The remote web application sets various cookies throughout a user's unauthenticated and authenticated session. However, there are instances where the application is served over unencrypted HTTP or where the cookies are not marked 'secure', meaning the browser may send them back over an unencrypted connection under certain circumstances. As a result, a remote attacker positioned on the network path may be able to intercept these cookies.

Note that this plugin detects all general cookies missing the 'secure' cookie flag, whereas plugin 49218 (Web Application Session Cookies Not Marked Secure) will only detect session cookies from an authenticated session missing the secure cookie flag.

Solution

Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision.

If possible, ensure all communication occurs over an encrypted channel and add the 'secure' attribute to all session cookies or any cookies containing sensitive data.
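To illustrate the check this plugin performs and the remediation above, here is an added Python example (not the plugin's NASL code, and not from Tenable): it parses constructed Set-Cookie headers, flags every cookie that is either missing the Secure attribute or was set over plain HTTP, and shows how the header looks once the attribute is added. The host names and cookie values are made up.

```python
"""Audit Set-Cookie headers for the Secure attribute (added example, not plugin code)."""
from typing import Dict, List, NamedTuple, Tuple


class CookieFinding(NamedTuple):
    name: str      # cookie name from the Set-Cookie header
    secure: bool   # whether the Secure attribute was present
    scheme: str    # URL scheme of the response that set the cookie


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie header value into (name, {attribute_lowercase: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(responses: List[Tuple[str, List[str]]]) -> List[CookieFinding]:
    """Report cookies the browser could send in cleartext.

    A cookie is reported when it lacks the Secure attribute, or when it was set
    over plain HTTP (the other condition the plugin description mentions).
    """
    findings: List[CookieFinding] = []
    for url, headers in responses:
        scheme = url.split("://", 1)[0].lower()
        for header in headers:
            name, attrs = parse_set_cookie(header)
            secure = "secure" in attrs
            if not secure or scheme != "https":
                findings.append(CookieFinding(name, secure, scheme))
    return findings


def add_secure(header: str) -> str:
    """Remediation: append the Secure attribute if the header does not already carry it."""
    _name, attrs = parse_set_cookie(header)
    if "secure" in attrs:
        return header
    return header.rstrip().rstrip(";") + "; Secure"


# Constructed sample responses: (URL, list of Set-Cookie header values).
SAMPLE_RESPONSES = [
    ("https://app.example.test/login", [
        "SESSIONID=abc123; Path=/; HttpOnly",          # missing Secure
        "csrftoken=xyz; Path=/; Secure; HttpOnly",     # fine
        "theme=dark; Path=/",                          # missing Secure
    ]),
    ("http://app.example.test/", ["tracking=42; Path=/; Secure"]),  # set over HTTP
]

if __name__ == "__main__":
    for f in audit_cookies(SAMPLE_RESPONSES):
        print(f"{f.name}: secure={f.secure} scheme={f.scheme}")
```

Running the script lists SESSIONID, theme and tracking; the first two are fixed by `add_secure`, the third by moving the application to HTTPS.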

See Also

https://www.owasp.org/index.php/SecureFlag

Plugin Details

Severity: Info

ID: 85602

File Name: http_generic_secure_cookies.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 8/24/2015

Updated: 8/24/2015

Supported Sensors: Nessus

Reference Information

CWE: 522, 718, 724, 928, 930