Skip to main content

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVE-2022-4409

Severity High
Score 7.5/10

Summary

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq versions prior to 3.1.9.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

References

Advisory Timeline

  • Published