Summary
Cookie Does Not Contain The "secure" Attribute
OWASP A5 Security Misconfiguration
WASC WASC-4 INSUFFICIENT TRANSPORT LAYER PROTECTION
CVSS V3 Base 4.3
CVSS V3 Temporal 4.1
CVSS V3 Attack Vector Network
Details
The cookies listed below are set without the "Secure" attribute, so the browser will also send them with plain-HTTP requests to the host.
PoC
leantime 2.3.23
Detection Information
Cookie Name(s): sid, language
Authentication: none required; the cookies are set on an unauthenticated request.
Cookie Name(s): theme
Authentication: none required; the cookie is set on an unauthenticated request.
Access Path
Here is the path followed by the scanner to reach the exploitable URL:
https://leantime-selfhost.com/
Impact
A cookie carrying the "Secure" attribute is only sent over HTTPS. Without it, the browser also attaches the cookie to any plain-HTTP request to the same host (for example one triggered by an http:// link, image or redirect that an attacker on the network path can inject), so the cookie value travels in cleartext and can be captured. For a session cookie such as sid this allows session hijacking and impersonation of the user, up to full compromise of the application account; language and theme carry no secret but are still exposed and can be tampered with.
Solution
Set the "Secure" attribute on every cookie the application issues, and at minimum on the session cookie, serve the application exclusively over HTTPS, and send a Strict-Transport-Security header so that browsers never issue a plain-HTTP request to the host in the first place.
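The check below is an added example, not part of the scanner report or of Leantime: it parses the Set-Cookie headers of a raw HTTP response, reports which cookies lack the Secure attribute, and shows how a reverse proxy style rewrite would append the attribute. The sample response is constructed to mirror the cookie names from the report (sid, language, theme); the cookie values and the extra example_ok cookie are made up.

```python
"""Detect Set-Cookie headers that lack the Secure attribute (added example)."""
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    # attribute name (lower-cased) -> value, or None for flag attributes
    attributes: dict = field(default_factory=dict)


def parse_set_cookie(header_value: str) -> Cookie:
    """Parse one Set-Cookie header value (simplified RFC 6265 section 5.2).

    The first "name=value" pair is the cookie itself; the remaining
    ";"-separated pieces are attributes, matched case-insensitively.
    Flag attributes such as Secure and HttpOnly are stored with value None.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, has_value, value = attr.partition("=")
        attrs[key.strip().lower()] = value.strip() if has_value else None
    return Cookie(name, attrs)


def set_cookie_headers(raw_response: str) -> list:
    """Return the values of all Set-Cookie headers in a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def cookies_missing_secure(raw_response: str) -> list:
    """Names of cookies set by the response without the Secure attribute."""
    return [
        c.name
        for c in map(parse_set_cookie, set_cookie_headers(raw_response))
        if "secure" not in c.attributes
    ]


def add_secure_attribute(header_value: str) -> str:
    """Append "; Secure" to a Set-Cookie value that lacks it (idempotent).

    This is what a reverse proxy rewrite of Set-Cookie does; the proper fix
    is for the application itself to set the attribute.
    """
    if "secure" in parse_set_cookie(header_value).attributes:
        return header_value
    return header_value.rstrip("; ") + "; Secure"


# Constructed response imitating the cookies named in the report.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: sid=c0ffee; Path=/; HttpOnly\r\n"
    "Set-Cookie: language=en-US; Path=/\r\n"
    "Set-Cookie: theme=default; Path=/\r\n"
    "Set-Cookie: example_ok=1; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html></html>"
)


if __name__ == "__main__":
    for name in cookies_missing_secure(SAMPLE_RESPONSE):
        print(f"cookie {name!r} is set without the Secure attribute")
    for value in set_cookie_headers(SAMPLE_RESPONSE):
        print("hardened:", add_secure_attribute(value))
```

Run against a live target by capturing the response headers (for example with curl -si) and feeding the text to cookies_missing_secure; a cookie that is reported here but is only ever set on an HTTPS origin is still exposed, because the missing attribute, not the origin of the response, decides whether the browser sends it over HTTP.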