SYM_PHP_0006 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Exposure of Sensitive Information to an Unauthorized Actor
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Found a configuration file where the domain attribute is not set to null. It is recommended (unless you are using sub-domain route registrations) to set this attribute to null so that only the same origin can set the cookie, thus protecting your cookies.