Skip to content
Snippets Groups Projects

#3 Webtune App - Security Misconfiguration - Session Cookies Secure Flag is not set

    • Open Issue created by Dimas Muzaki @maspaitujaki

    The secure flag for session cookie 'regginang' is not set. It means that attacker could eavesdrop on the network and acquire the session ID. this session then can be used to access Webtune as legitimate users.
    For example, an attacker successfully acquire a session id of an admin '0edlidqd5jae9ro7l4ksqpu6u5'. The attacker set this cookie and then logged in. image image

      Child items

      0
      Show labels

      No child items are currently assigned. Use child items to break down this issue into smaller parts.

        Activity

        • Dimas Muzaki changed title from #3 Webtune App - Broken Authentication - Session ID Secure Flag is not set to #3 Webtune App - Security Misconfiguration - Session ID Secure Flag is not set

          changed title from #3 Webtune App - Broken Authentication - Session ID Secure Flag is not set to #3 Webtune App - Security Misconfiguration - Session ID Secure Flag is not set

        • Dimas Muzaki changed title from #3 Webtune App - Security Misconfiguration - Session ID Secure Flag is not set to #3 Webtune App - Security Misconfiguration - Session Cookies Secure Flag is not set

          changed title from #3 Webtune App - Security Misconfiguration - Session ID Secure Flag is not set to #3 Webtune App - Security Misconfiguration - Session Cookies Secure Flag is not set

        • Dimas Muzaki
          Dimas Muzaki @maspaitujaki ·
          Author Owner

          Set secure flag in #ff964085

        Please register or sign in to reply