Secure Flag

Category: Security Misconfiguration

Severity: Medium

Description

The secure flag is an attribute that the application server can set on a cookie when it sends it to the user in a Set-Cookie header of an HTTP response. Its purpose is to prevent the cookie from being observed by unauthorized parties: a browser will only send a cookie that carries the secure flag over an encrypted (HTTPS) connection, never in clear text over HTTP.

Impact

The attacker could get access to the user’s cookies even when HTTPS is believed to be used. The risk depends on the cookie that lacks this flag.

Remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.
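As an added example (not from the original page or from any vendor's tooling), the following Python audits the Set-Cookie headers an HTTPS response returns and reports which cookies lack the Secure attribute, then shows how to emit a correctly flagged session cookie with the standard library. The cookie names and values are constructed sample data.

```python
"""Audit Set-Cookie headers for the Secure flag (added example)."""
from http.cookies import SimpleCookie


def parse_set_cookie(header_value: str) -> dict:
    """Split one Set-Cookie header value into name, value and attributes.

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly (which carry no value) map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def cookies_missing_secure(headers: list) -> list:
    """Return the names of cookies that were set without the Secure flag."""
    missing = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if cookie["attrs"].get("secure") is not True:
            missing.append(cookie["name"])
    return missing


def build_secure_cookie(name: str, value: str) -> str:
    """Emit a Set-Cookie header value with Secure set, plus HttpOnly and
    SameSite, which are sensible companions for a session token."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    jar[name]["samesite"] = "Lax"
    return jar[name].OutputString()


# Constructed sample headers from one HTTPS response: the session cookie
# has HttpOnly but no Secure flag, so a browser would also send it over HTTP.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/; HttpOnly",
    "theme=dark; Path=/; Secure",
]

if __name__ == "__main__":
    print(cookies_missing_secure(SAMPLE_HEADERS))  # ['JSESSIONID']
    print(build_secure_cookie("JSESSIONID", "abc123"))
```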

https://portswigger.net/kb/issues/00500200_tls-cookie-without-secure-flag-set
