SYM_JAVA_0143 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Cookies are created without explicitly setting the 'secure' flag to true, so the browser will also send them over unencrypted HTTP connections. This exposes sensitive cookie data to network eavesdroppers.
Impact
If exploited, attackers could intercept cookies containing session or authentication information over insecure networks, leading to account hijacking, session fixation, or exposure of sensitive user data. This compromises both user privacy and application security.
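As an added example that is not part of this database entry, the pattern the rule flags is shown next to its hardened form, written against the standard javax.servlet API; the cookie name, lifetime and the guard method are assumptions for illustration.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class SessionCookies {

    // Vulnerable pattern (what SYM_JAVA_0143 reports): the Secure flag is never
    // set, so the browser sends this cookie over plain HTTP as well as HTTPS.
    static Cookie insecureSessionCookie(String sessionId) {
        Cookie c = new Cookie("SESSIONID", sessionId); // name is an assumed example
        c.setPath("/");
        return c;
    }

    // Hardened form: Secure restricts the cookie to TLS connections, HttpOnly
    // keeps it out of reach of page scripts, and a bounded lifetime limits the
    // window of exposure if the value ever leaks.
    static Cookie secureSessionCookie(String sessionId) {
        Cookie c = new Cookie("SESSIONID", sessionId);
        c.setPath("/");
        c.setSecure(true);
        c.setHttpOnly(true);
        c.setMaxAge(30 * 60); // 30 minutes; assumed value
        return c;
    }

    // Defensive guard (hypothetical helper): refuse to emit any cookie that
    // lacks the Secure flag, and refuse to issue one on a non-TLS request at all,
    // since the first response would already travel in cleartext.
    static void addSecureCookie(HttpServletRequest req, HttpServletResponse resp, Cookie c) {
        if (!req.isSecure()) {
            throw new IllegalStateException(
                "refusing to issue cookie '" + c.getName() + "' over a non-TLS request");
        }
        if (!c.getSecure()) {
            throw new IllegalStateException(
                "cookie '" + c.getName() + "' is missing the Secure flag");
        }
        resp.addCookie(c);
    }
}
```

For container-managed session cookies (JSESSIONID) the same flags can be set declaratively in web.xml with `<session-config><cookie-config><secure>true</secure><http-only>true</http-only></cookie-config></session-config>` (Servlet 3.0 and later), which covers cookies the application never constructs itself.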