GitLab

Created by: armorcodegithubqa[bot]

The secure cookie flag is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure flag is to prevent cookies from being observed by unauthorized parties due to the transmission of a the cookie in clear text. By setting the secure flag, the browser will prevent the transmission of a cookie over an unencrypted channel.

A cookie with the secure attribute was not detected in the scan.

QID Detection Logic:
This unauthenticated QID checks for the existence of the "secure" cookie flag. Category: CGI QID: 13162 Port: 8080 Result Evidence: HTTP Cookie missing Secure attribute on port 8080. Set-Cookie: JSESSIONID=6C74A9F7DEE9F19C79B909749C8E1D5D; Path=/; HttpOnly GET / HTTP/1.0 Host: 65.61.137.117:8080 First Found: 2021-11-15T06:23:55Z Last Found: 2021-11-15T06:23:55Z Times Found: 1

Mitigation: Apply the "secure" attribute to session cookies to ensure that they are sent via HTTPS only. More information about this flag can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie.

Finding Id : 20645904