Sensitive Cookie Without Secure Flag in it-novum/openitcockpit
Jun 14th 2023
Access and log in to the demo website: https://demo.openitcockpit.io/
Press F12 on your keyboard, or right-click on the page, to open the browser developer tools.
In the Application tab, choose Cookies: some sensitive cookies (CookieAuth, csrfToken) are set without the Secure flag.
Proof of Concept
Image evidence link: https://drive.google.com/file/d/1kW_nDsDCOIv6WHrecj0nFBYWrvnqcXBC/view?usp=sharing
If the Secure flag is not set, the cookie is transmitted in clear text whenever the user visits any HTTP URL within the cookie's scope.
An attacker may be able to induce this by feeding the user suitable links, either directly or via another website.
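The check described above can be done on the raw Set-Cookie headers rather than by hand in the developer tools. The following script is an added example, not code from the report or from the openITCOCKPIT project: it parses each Set-Cookie header, records whether Secure and HttpOnly are present, and lists the sensitive cookie names (CookieAuth and csrfToken, as named in the report) that lack Secure. The sample headers and their values are constructed placeholders, not output captured from the demo site.

```python
"""Audit Set-Cookie headers for a missing Secure attribute.

Added example for this report; the headers below are constructed and the
cookie values are placeholders, not real session or CSRF tokens.
"""
from typing import Dict, List, Optional

# Constructed sample: two cookies modelled on the names in the report, plus a
# harmless cookie that does carry Secure, to show the check distinguishes them.
SAMPLE_HEADERS = [
    "CookieAuth=PLACEHOLDER_SESSION; Path=/; HttpOnly; SameSite=Lax",
    "csrfToken=PLACEHOLDER_TOKEN; Path=/; SameSite=Lax",
    "theme=dark; Path=/; Secure",
]

# Cookie names the report calls sensitive. Extend as needed for other apps.
SENSITIVE = ("CookieAuth", "csrfToken")


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header into its name, value and attribute flags.

    Attribute names are compared case-insensitively, as browsers do; flag
    attributes such as Secure and HttpOnly carry no value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    samesite: Optional[str] = attrs.get("samesite")
    return {
        "name": name.strip(),
        "value": value.strip(),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": samesite,
    }


def audit_set_cookie(headers: List[str]) -> Dict[str, Dict[str, object]]:
    """Return a map of cookie name -> parsed cookie for a list of Set-Cookie headers."""
    return {c["name"]: c for c in (parse_set_cookie(h) for h in headers)}


def missing_secure(headers: List[str], sensitive=SENSITIVE) -> List[str]:
    """Names from `sensitive` that the server set without the Secure attribute."""
    cookies = audit_set_cookie(headers)
    return [n for n in sensitive if n in cookies and not cookies[n]["secure"]]


def report(headers: List[str]) -> None:
    """Print one line per cookie and a summary of the sensitive ones lacking Secure."""
    for name, c in audit_set_cookie(headers).items():
        print(f"{name:12s} secure={c['secure']!s:5s} httponly={c['httponly']!s:5s} "
              f"samesite={c['samesite']}")
    bad = missing_secure(headers)
    if bad:
        print("Sensitive cookies without Secure:", ", ".join(bad))
    else:
        print("All sensitive cookies carry the Secure attribute.")


if __name__ == "__main__":
    report(SAMPLE_HEADERS)
```

To run this against a live response instead of the constructed sample, pass the list returned by `response.headers.get_all("Set-Cookie")` from `http.client` (or the equivalent from the HTTP library in use). Only the Secure attribute is asserted on here: a CSRF token cookie is often intentionally readable by script for a double-submit scheme, so a missing HttpOnly on csrfToken is reported but not treated as a finding, while a missing Secure on either cookie is.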