Reliance on Cookies without Validation and Integrity Checking in a Security Decision
CVE-2020-16036
Summary
Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision
The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
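The weakness class described above, as an added example that is not part of the original advisory and is not Chrome's code: a server-side check that trusts a role cookie as sent, next to one that verifies an HMAC binding the cookie to the authenticated user. It illustrates CWE-784 in general, not the mechanism of CVE-2020-16036, which the advisory does not detail; the cookie name role, the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key for this example; a real deployment loads it from a secret store.
SERVER_KEY = b"constructed-example-key"


def is_admin_naive(cookies):
    """CWE-784 pattern: the decision rests on a client-supplied cookie value."""
    return cookies.get("role") == "admin"


def _tag(user_id, role):
    """HMAC-SHA256 over the user id and role (hypothetical helper)."""
    msg = f"{user_id}|{role}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_role_cookie(user_id, role):
    """Return 'role.tag'; role comes from a fixed server-side set."""
    return f"{role}.{_tag(user_id, role)}"


def is_admin_checked(cookies, session_user_id):
    """Accept the role only if its tag verifies for the authenticated user."""
    role, sep, tag = cookies.get("role", "").rpartition(".")
    if not sep:
        return False  # no tag present: unsigned or malformed cookie
    expected = _tag(session_user_id, role)
    # Constant-time comparison on bytes; a tag issued for another user fails.
    valid = hmac.compare_digest(tag.encode(), expected.encode())
    return valid and role == "admin"


if __name__ == "__main__":
    alice_cookie = {"role": issue_role_cookie("alice", "admin")}
    unsigned = {"role": "admin"}  # constructed: value set by the client
    print(is_admin_naive(unsigned))                 # naive check trusts it
    print(is_admin_checked(unsigned, "bob"))        # rejected: no valid tag
    print(is_admin_checked(alice_cookie, "alice"))  # accepted for its owner
    print(is_admin_checked(alice_cookie, "bob"))    # rejected: wrong user
```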