CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2007-05-07
- Latest Modification Date:2023-06-29
Weakness Name
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Description
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data