CWE-319: Cleartext transmission of sensitive information (cookie)

Plugin ID

319.2

Vulnerability Description

The target application was found to set the password in an HTTP cookie value.

Remediation Text

Never send the password in HTTP cookies, whether in clear text or base64-encoded.
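A defender-side check for this condition, as an added example that is not the plugin's own code: given the password of a test account you control, it flags Set-Cookie values that carry that password in clear text (including percent-encoded) or inside a base64 value. The function names, the sample headers and the test password are constructed for illustration.

```python
import base64
from urllib.parse import unquote

def cookie_pair(set_cookie):
    """Split a Set-Cookie header value into (name, value), ignoring attributes."""
    name, _, value = set_cookie.split(";", 1)[0].partition("=")
    return name.strip(), value.strip().strip('"')

def b64_decode_or_none(value):
    """Decode standard or URL-safe base64, padded or not; None if not base64."""
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, altchars=b"-_", validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None

def find_password_cookies(set_cookie_headers, password):
    """Return [(cookie_name, encoding)] for cookies that expose the password."""
    if not password:
        raise ValueError("password of the test account is required")
    needle = password.encode("utf-8")
    findings = []
    for header in set_cookie_headers:
        name, value = cookie_pair(header)
        value = unquote(value)  # cookies often percent-encode special characters
        if password in value:
            findings.append((name, "cleartext"))
            continue
        decoded = b64_decode_or_none(value)
        # Decoding first also catches combined values such as "user:password".
        if decoded is not None and needle in decoded:
            findings.append((name, "base64"))
    return findings

# Constructed sample data: a test-account password and three response cookies.
PASSWORD = "Tr0ub4dor&3"
SAMPLE_HEADERS = [
    "session=9f2c1e7ab4; Path=/; HttpOnly; Secure",
    "pw=Tr0ub4dor%263; Path=/",
    "auth=" + base64.b64encode(b"alice:" + PASSWORD.encode()).decode().rstrip("=")
    + "; Path=/; HttpOnly",
]

if __name__ == "__main__":
    for cookie, encoding in find_password_cookies(SAMPLE_HEADERS, PASSWORD):
        print(f"cookie {cookie!r} carries the password ({encoding})")
```

Base64 is an encoding, not encryption, so the second finding exposes the password exactly as the first one does.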

External Links

Specification

...