Reliance on Cookies without Validation and Integrity Checking in a Security Decision

CVE-2020-16036

Severity Medium
Score 6.5/10

Summary

Inappropriate implementation in cookies in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass cookie restrictions via a crafted HTML page.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision

The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

Advisory Timeline

  • Published