Session Cookie Does Not Contain the "Secure" Attribute
Created by: armorcodegithubqa[bot]
The secure cookie flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text. When the secure flag is set, the browser will not transmit the cookie over an unencrypted channel.
A cookie with the secure attribute was not detected in the scan.
QID Detection Logic:
This unauthenticated QID checks for the existence of the "secure" cookie flag.
Category: CGI
QID: 13162
Port: 8080
Result Evidence: HTTP Cookie missing Secure attribute on port 8080.
Set-Cookie: JSESSIONID=6C74A9F7DEE9F19C79B909749C8E1D5D; Path=/; HttpOnly
GET / HTTP/1.0
Host: 65.61.137.117:8080
First Found: 2021-11-15T06:23:55Z
Last Found: 2021-11-15T06:23:55Z
Times Found: 1
Mitigation: Apply the "secure" attribute to session cookies to ensure that they are sent via HTTPS only. More information about this flag can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie.
Finding Id: 20645904