Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in netdisco/netdisco
Valid
Sep 27th 2021
The session cookie dancer.session is not marked with the 'Secure' attribute, so the browser will also send it over unencrypted HTTP connections.
Proof of Concept
- Go to the demo page https://netdisco2-demo.herokuapp.com; the page automatically logs you in as guest
- Open the Firefox developer tools and see that the cookie dancer.session is not marked with 'Secure'
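
The same check as the manual steps above, written as an added example that is not part of the original report or of Netdisco's code: it parses response headers and lists cookies set on an HTTPS response without `Secure`. The host name, cookie values and function names are assumptions made for illustration, and the sample headers are constructed.

```python
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs); attr names lowercased."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first "name=value" pair is the cookie; the rest are attributes.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def cookies_missing_secure(url, header_lines):
    """Return names of cookies set on an HTTPS response without the Secure attribute."""
    if not url.lower().startswith("https://"):
        return []  # the finding only applies to cookies issued over HTTPS
    missing = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers (hypothetical host and values).
SAMPLE_URL = "https://netdisco.example/"
SAMPLE_HEADERS = [
    "Content-Type: text/html; charset=utf-8",
    "Set-Cookie: dancer.session=000000000000; path=/; HttpOnly",
    # The word "secure" inside the value must not count; the attribute does.
    "Set-Cookie: prefs=secure=1; Path=/; SECURE",
    "Set-Cookie: theme=dark; Path=/",
]

if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_URL, SAMPLE_HEADERS):
        print(f"{cookie}: set over HTTPS without 'Secure'")
```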