CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Learn about CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute), its security impact, exploitation methods, and prevention guidelines.

• Overview: A cookie that carries sensitive data (such as a session token) is set during an HTTPS session without the 'Secure' attribute, so the browser will also send it in cleartext over any plain HTTP request to the same host, where it can be observed on the network.

• Exploitation Methods:

  • Attackers can intercept cookies when they are sent over an insecure HTTP connection.
  • Common attacks include man-in-the-middle (MITM) attacks where attackers capture traffic on unsecured networks.

• Security Impact:

  • Direct consequences include exposure of sensitive cookie data like session tokens.
  • Potential cascading effects include session hijacking and unauthorized access.
  • Business impact involves data breaches, loss of user trust, and potential legal ramifications.

• Prevention Guidelines:

  • Ensure cookies intended for secure contexts are marked with the 'Secure' attribute in your code.
  • Follow security best practices by transmitting sensitive data over HTTPS only, and prefer HSTS so the browser never makes a plain HTTP request in the first place.
  • Use recommended tools and frameworks that enforce secure cookie attributes by default.
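The following Python example is added here to illustrate the prevention guidelines above; it is not code from the original page or from Corgea. It shows the weak and the corrected ways of building a Set-Cookie header with the standard library's `http.cookies`, and a small audit function that parses a Set-Cookie header value and flags a sensitive cookie that lacks the Secure attribute (CWE-614). The list of cookie names treated as sensitive and the sample headers are constructed for this example.

```python
from http.cookies import SimpleCookie

# Cookie names commonly used for session or auth material.
# Constructed for this example; adapt it to the names your application uses.
SENSITIVE_COOKIE_NAMES = {
    "sessionid", "session", "sid", "auth", "token", "jsessionid", "phpsessid",
}


def build_session_cookie(name, value, secure=True, http_only=True, same_site="Lax"):
    """Return a Set-Cookie header value for a session cookie.

    secure=True is the corrected form. secure=False reproduces the CWE-614
    weakness: the cookie is accepted over HTTPS but the browser will also
    attach it to plain HTTP requests to the same host.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    morsel = cookie[name]
    morsel["path"] = "/"
    if secure:
        morsel["secure"] = True      # only ever sent over HTTPS
    if http_only:
        morsel["httponly"] = True    # not readable from JavaScript
    if same_site:
        morsel["samesite"] = same_site
    return morsel.OutputString()


def audit_set_cookie(header_value, sensitive_names=SENSITIVE_COOKIE_NAMES):
    """Parse one Set-Cookie header value and return a list of findings.

    An empty list means the cookie passed the checks. Only cookies whose
    name is in sensitive_names are reported, so non-sensitive cookies
    (theme, locale, ...) without Secure do not produce noise.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _ = parts[0].partition("=")
    name = name.strip()
    # Attribute names are case-insensitive; keep only the attribute keyword.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}

    findings = []
    if name.lower() in sensitive_names:
        if "secure" not in attrs:
            findings.append(f"CWE-614: sensitive cookie '{name}' lacks Secure attribute")
        if "httponly" not in attrs:
            findings.append(f"sensitive cookie '{name}' lacks HttpOnly attribute")
    return findings


if __name__ == "__main__":
    # Constructed sample headers: one weak, one corrected, one non-sensitive.
    samples = [
        build_session_cookie("sessionid", "abc123", secure=False),
        build_session_cookie("sessionid", "abc123"),
        "theme=dark; Path=/",
    ]
    for header in samples:
        print(f"Set-Cookie: {header}")
        for finding in audit_set_cookie(header) or ["  ok"]:
            print(f"  {finding.strip()}")
```

The audit function is deliberately narrow: it inspects a single header value as a server emits it, which makes it easy to drop into a test suite that asserts on the cookies your application sets, or into a proxy log review. Marking the cookie Secure is necessary but not sufficient on its own; pairing it with HTTPS everywhere and HSTS removes the plain HTTP request that would otherwise expose the cookie.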

Corgea can automatically detect and fix Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not specified

Affected Technologies: Web Based
