Sensitive Cookie Without HttpOnly Flag in it-novum/openitcockpit

Status: Valid

Reported on Jun 14th 2023


Description

The CookieAuth cookie, which carries the user's authenticated session, is set without the HttpOnly flag. To reproduce on the public demo:

Open https://demo.openitcockpit.io/ and log in.

Press F12, or right-click the page and choose Inspect, to open the browser developer tools.

In the Application tab (Storage tab in Firefox), expand Cookies and select the demo origin. The CookieAuth entry has an empty HttpOnly column, so any script running in the page can read it through document.cookie.
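The same condition can be checked without the browser UI by auditing the Set-Cookie headers a response carries. The script below is an added example, not code from the original report or from the openITCOCKPIT project: it parses Set-Cookie values and reports sensitive-looking cookies that lack HttpOnly, Secure or SameSite, and flags the SameSite=None-without-Secure combination that browsers reject. The sample headers are constructed (only the cookie name CookieAuth comes from the report), and the name-based heuristic for "sensitive" cookies is an assumption to adapt to the application under test.

```python
"""Audit Set-Cookie header values for missing HttpOnly / Secure / SameSite.

Added example, not code from the openITCOCKPIT project or the original report.
The header values below are constructed; only the cookie name "CookieAuth"
comes from the report.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Substrings that suggest a session or authentication cookie. This is an
# assumption for the heuristic; extend it for the application under test.
SENSITIVE_NAME_HINTS = ("auth", "sess", "token", "sid", "login")


@dataclass
class CookieAudit:
    name: str
    httponly: bool
    secure: bool
    samesite: Optional[str]
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie value: name=value, then ';'-separated attributes."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    httponly = secure = False
    samesite: Optional[str] = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()  # attribute names are case-insensitive
        if key == "httponly":
            httponly = True
        elif key == "secure":
            secure = True
        elif key == "samesite":
            samesite = value.strip().lower() or None
    return CookieAudit(name, httponly, secure, samesite)


def looks_sensitive(name: str) -> bool:
    lowered = name.lower()
    return any(hint in lowered for hint in SENSITIVE_NAME_HINTS)


def audit_set_cookie(header: str) -> CookieAudit:
    """Return the parsed cookie with its findings (empty list means no issue)."""
    c = parse_set_cookie(header)
    if looks_sensitive(c.name):
        if not c.httponly:
            c.findings.append("missing HttpOnly: readable via document.cookie")
        if not c.secure:
            c.findings.append("missing Secure: sent over plain HTTP")
        if c.samesite is None:
            c.findings.append("missing SameSite: browser default (Lax) applies")
    # Browsers only accept SameSite=None when Secure is also present.
    if c.samesite == "none" and not c.secure:
        c.findings.append("SameSite=None without Secure: cookie will be rejected")
    return c


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie value of one response: cookie name -> findings."""
    return {a.name: a.findings for a in map(audit_set_cookie, headers)}


# Constructed sample responses (not captured from the demo site).
WEAK_RESPONSE = [
    "CookieAuth=abc123; Path=/",                 # session cookie, no flags at all
    "lang=en; Path=/",                           # harmless preference cookie
]
FIXED_RESPONSE = [
    "CookieAuth=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "lang=en; Path=/",
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(label, audit_headers(response))
```

Against a live target, capture the login response headers (for example with curl -si) and pass the Set-Cookie values to audit_headers; the HttpOnly column in the developer tools and this check should agree. The cookie name heuristic deliberately leaves cookies such as a double-submit CSRF token alone, since those must stay readable by script.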

Proof of Concept

Link image evidence: https://drive.google.com/file/d/1kW_nDsDCOIv6WHrecj0nFBYWrvnqcXBC/view?usp=sharing

Impact

The HttpOnly attribute tells the browser to withhold a cookie from client-side script: document.cookie and similar APIs cannot read it, although the browser still attaches it to every request. Without the flag, any JavaScript executing in the application's origin, for example through a cross-site scripting flaw or a compromised third-party script, can read the cookie value and send it to an attacker-controlled host.

Because CookieAuth is the authentication cookie, an attacker who obtains its value can replay it from another machine and act as the logged-in user for as long as the session remains valid.

HttpOnly is a defence-in-depth control: it limits the damage of a script injection rather than preventing one, and script running in the origin can still issue authenticated requests on the victim's behalf without ever reading the cookie. This report demonstrates the missing flag, not a working account takeover. The Secure flag and a SameSite attribute are the other attributes worth verifying on the same cookie.

Timeline

huntr began processing the report and contacted the it-novum/openitcockpit team.

Chuu modified the report.

huntr contacted a member of the it-novum/openitcockpit team and waited to hear back.

it-novum/openitcockpit maintainer validated this vulnerability:

"Hi Chuu, many thanks for contacting us. Sorry for my late response. I have only noticed today that you have created two separate reports for Security-Flag and HttpOnly Flag, my bad."

Chuu was awarded the disclosure bounty; the fix bounty was offered and later dropped.

The researcher's credibility increased: +7

it-novum/openitcockpit maintainer marked this as fixed in c4.6.7 with commit 6c717f.

This vulnerability will not receive a CVE.

This vulnerability was scheduled to go public on Jul 6th 2023.

Chuu (Researcher):

"Hi, thank you too."

it-novum/openitcockpit maintainer published this vulnerability.