Sensitive Cookie Without Secure Flag in it-novum/openitcockpit

Valid

Reported on

Jun 14th 2023


Description

Open and log in to the demo website: https://demo.openitcockpit.io/

Press F12 on your keyboard, or right-click on the page and choose Inspect, to open the browser developer tools.

In the Application tab, choose Cookies. Several sensitive cookies are set without the Secure flag (CookieAuth, csrfToken).

Proof of Concept

Link image evidence: https://drive.google.com/file/d/1kW_nDsDCOIv6WHrecj0nFBYWrvnqcXBC/view?usp=sharing

Impact

If the Secure flag is not set, the browser will transmit the cookie in cleartext whenever the user visits any http:// URL within the cookie's scope, even if the application itself is only ever served over HTTPS. An attacker positioned on the network path can then read the session cookie and reuse it.

An attacker may be able to induce such a request by feeding the user a suitable http:// link, either directly or via another web site.
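As an added illustration (not code from the report or from openITCOCKPIT), the following Python audits Set-Cookie headers for the Secure and HttpOnly attributes and models the browser decision the Impact section describes: a cookie without Secure is attached to a plain http:// request in scope, a cookie with Secure is not. The header values, cookie values and host are constructed for the example; only the cookie names come from the report.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class Cookie:
    """One parsed Set-Cookie header."""
    name: str
    value: str
    # lowercase attribute name -> value, or True for valueless flags (Secure, HttpOnly)
    attrs: dict = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs


def parse_set_cookie(header: str) -> Cookie:
    """Parse a single Set-Cookie header value into name, value and attributes.

    Attribute names are case-insensitive per RFC 6265, so they are lowercased.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return Cookie(name.strip(), value.strip(), attrs)


def audit(headers: list[str]) -> dict:
    """Return {cookie name: [missing attributes]} for cookies lacking Secure or HttpOnly.

    Note: a CSRF token cookie that a front end reads from JavaScript (double-submit
    pattern) legitimately omits HttpOnly; Secure should still always be present.
    """
    findings = {}
    for header in headers:
        cookie = parse_set_cookie(header)
        missing = []
        if not cookie.secure:
            missing.append("Secure")
        if not cookie.httponly:
            missing.append("HttpOnly")
        if missing:
            findings[cookie.name] = missing
    return findings


def would_be_sent(cookie: Cookie, url: str) -> bool:
    """Model the browser's decision to attach a cookie to a request.

    Only the scheme and Path checks are modelled; Domain matching is assumed to
    succeed (the cookie is treated as belonging to the requested host).
    """
    target = urlsplit(url)
    # A Secure cookie is never sent over plain HTTP.
    if cookie.secure and target.scheme != "https":
        return False
    path = cookie.attrs.get("path", "/")
    if path is True:  # "Path" given without a value
        path = "/"
    return (target.path or "/").startswith(path)


# Constructed sample headers; the cookie names match the report, the values do not
# come from the demo site.
SAMPLE_HEADERS = [
    "CookieAuth=abc123; Path=/; HttpOnly",                      # no Secure
    "csrfToken=def456; Path=/",                                 # no Secure, no HttpOnly
    "hardened=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax",  # fully flagged
]


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_HEADERS).items():
        print(f"{name}: missing {', '.join(missing)}")
    auth = parse_set_cookie(SAMPLE_HEADERS[0])
    # Constructed attacker-supplied link: same host, plain HTTP.
    print("CookieAuth sent over http://:", would_be_sent(auth, "http://demo.openitcockpit.io/"))
```

Run against real responses by replacing SAMPLE_HEADERS with the Set-Cookie values from the login response; the would_be_sent check shows why an http:// link to an in-scope host is enough to leak a cookie that lacks the Secure attribute.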

We are processing your report and will contact the it-novum/openitcockpit team within 24 hours. 3 months ago
We have contacted a member of the it-novum/openitcockpit team and are waiting to hear back 3 months ago
it-novum/openitcockpit maintainer validated this vulnerability 3 months ago

Hi Chuu, many thanks for contacting us. We can confirm that it would be good to only send cookies over secure HTTPS connections. We have created a patch, which will resolve the issue and enable the secure flag for all our cookies. https://github.com/it-novum/openITCOCKPIT/pull/1523/files

Thanks again for contacting us to keep openITCOCKPIT secure. We appreciate this!

Chuu has been awarded the disclosure bounty
The fix bounty is now up for grabs
it-novum/openitcockpit maintainer marked this as fixed in 4.6.6 with commit 6c717f 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jul 6th 2023
Chuu (Researcher), 3 months ago:

@maintainer Thank you too.

it-novum/openitcockpit maintainer published this vulnerability 3 months ago