Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V14 - Config

Missing Secure or HTTPOnly Cookie Flag

POC

  • Intercept the HTTP request
  • Observe that the Set-Cookie header is missing the 'Secure' and/or 'HttpOnly' flag.

Impact

Very Low

Likelihood

Very Low