Sensitive Data In Cookie


Description

The application stores sensitive information in HTTP cookies. Attackers may gain access to this information if cookies are transmitted or stored insecurely. In addition, cookies are often recorded in multiple locations, including proxy logs, server logs, and security device logs, potentially exposing the data to attackers with access to those locations.

Impact

Storing sensitive information in cookies is a risk to the application because cookies can be exposed in a number of different ways. An attacker who can read a user’s cookies locally, capture them in transit, or retrieve them from the log files of devices such as proxies, where they are often stored, can expose sensitive or personal information from the application.
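As an added illustration (not part of the original finding write-up), the following review helper audits `Set-Cookie` header values for the condition described above: it URL-decodes and base64-decodes each value, looks for email addresses, Luhn-valid card numbers and sensitive keywords, and reports missing `Secure`/`HttpOnly` attributes on cookies that carry such data. The keyword list, the finding strings and the sample headers are assumptions constructed for this example.

```python
import base64, binascii, re
from urllib.parse import unquote

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORDS = re.compile(r"pass(word|wd)?|ssn|card|cvv|secret", re.I)  # assumed list, tune per app

def luhn_ok(number):
    """Luhn checksum, used to cut false positives on long digit runs."""
    digits = [int(c) for c in number if c.isdigit()][::-1]
    return sum(d if i % 2 == 0 else (d * 2 - 9 if d > 4 else d * 2)
               for i, d in enumerate(digits)) % 10 == 0

def candidate_texts(value):
    """Yield the URL-decoded value and, if it is base64 of printable text, that text."""
    decoded = unquote(value)
    yield decoded
    try:
        std = decoded.replace("-", "+").replace("_", "/")  # accept URL-safe alphabet
        text = base64.b64decode(std + "=" * (-len(std) % 4), validate=True).decode("utf-8")
        if text.isprintable():
            yield text
    except (binascii.Error, UnicodeDecodeError, ValueError):
        pass  # not base64 text; only the plain value is inspected

def audit_set_cookie(header):
    """Return sorted findings for one Set-Cookie header value."""
    pair, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = pair.partition("=")
    flags = {a.split("=")[0].lower() for a in attrs}
    findings = set()
    for text in candidate_texts(value.strip('"')):
        if EMAIL.search(text):
            findings.add("email address in value")
        if any(luhn_ok(m.group()) for m in CARD.finditer(text)):
            findings.add("Luhn-valid card number in value")
        if KEYWORDS.search(text) or KEYWORDS.search(name):
            findings.add("sensitive keyword")
    if findings:  # attribute gaps are reported only for cookies that carry sensitive data
        findings |= {f"missing {f}" for f in ("Secure", "HttpOnly") if f.lower() not in flags}
    return sorted(findings)

# Constructed sample headers (not taken from any real application).
_PROFILE = base64.b64encode(b'{"email":"alice@example.com","card":"4111111111111111"}').decode()
SAMPLES = [
    f"profile={_PROFILE}; Path=/",
    "user=alice%40example.com; Path=/; Secure",
    "sessionid=8f2b1c9e4d7a4c0b9e1f; Path=/; Secure; HttpOnly",
]
```

Setting `Secure` and `HttpOnly` narrows exposure in transit and to scripts, but the value still lands in the proxy and server logs mentioned above, so the data itself should be kept server-side and referenced by an opaque identifier.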

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
