Sensitive Cookie Without HttpOnly Flag in it-novum/openitcockpit
Jun 14th 2023
Open and log in to the demo website: https://demo.openitcockpit.io/
Press F12 or right-click the page to open the browser developer tools.
In the Application tab, choose Cookies: the CookieAuth cookie (a sensitive cookie) is set without the HttpOnly flag.
Proof of Concept
Link image evidence: https://drive.google.com/file/d/1kW_nDsDCOIv6WHrecj0nFBYWrvnqcXBC/view?usp=sharing
If the HttpOnly flag is not set, then sensitive information stored in the cookie may be exposed to unintended parties.
If the cookie is an authentication cookie, then not setting the HttpOnly flag may allow an adversary to steal authentication data and assume the identity of the user.
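As an added example (not part of the original report), a small audit script that parses Set-Cookie response headers and reports sensitive cookies missing HttpOnly, plus the Secure and SameSite attributes a reviewer would check at the same time. The sample headers are constructed; only the cookie name CookieAuth comes from the report, and the list of sensitive cookie names is an assumption.

```python
"""Audit Set-Cookie headers for missing hardening attributes.

Added example, not code from the original report or from openITCOCKPIT.
Sample headers are constructed; only the name CookieAuth comes from the report.
"""
from dataclasses import dataclass, field

# Constructed sample response headers, as a server might emit them.
SAMPLE_SET_COOKIE_HEADERS = [
    "CookieAuth=abc123; Path=/",                                  # no HttpOnly, Secure or SameSite
    "PHPSESSID=def456; Path=/; HttpOnly; Secure; SameSite=Lax",   # hardened
    "theme=dark; Path=/; Max-Age=31536000",                        # non-sensitive preference cookie
]

# Assumed list of cookies that carry session or authentication state.
SENSITIVE_COOKIE_NAMES = {"cookieauth", "phpsessid"}


@dataclass
class CookieAudit:
    name: str
    attributes: dict = field(default_factory=dict)
    findings: list = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Split one Set-Cookie header into the cookie name and a lower-cased attribute map."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")       # flags like HttpOnly have no value
        attrs[key.strip().lower()] = value.strip().lower()
    return CookieAudit(name=name, attributes=attrs)


def audit_cookie(header: str, sensitive=SENSITIVE_COOKIE_NAMES) -> CookieAudit:
    """Record the hardening attributes a sensitive cookie lacks; others pass untouched."""
    audit = parse_set_cookie(header)
    if audit.name.lower() not in sensitive:
        return audit
    if "httponly" not in audit.attributes:
        audit.findings.append("missing HttpOnly: readable from script via document.cookie")
    if "secure" not in audit.attributes:
        audit.findings.append("missing Secure: may be sent over plain HTTP")
    if audit.attributes.get("samesite") not in {"lax", "strict"}:
        audit.findings.append("missing or weak SameSite: sent on cross-site requests")
    return audit


def audit_headers(headers) -> dict:
    """Map each cookie name to its list of findings (empty list means no issue found)."""
    return {a.name: a.findings for a in map(audit_cookie, headers)}


if __name__ == "__main__":
    for cookie, findings in audit_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        print(cookie, "->", findings or ["ok"])
```

In practice the headers would come from the HTTP response of the login endpoint (for example, the Set-Cookie entries shown in the browser's Network tab), and the script would be run as part of a release check so a regression is caught before deployment.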