CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

AI Translation Available

The Secure attribute for sensitive cookies in HTTPS sessions is not set.

Status

draft

Abstraction

variant

Affected Platforms

Web Based

Technical Details

AI Translation

confidentiality

read application data

automated static analysis

Phases:

implementation

Descriptions:

• Always set the secure attribute when the cookie should be sent via HTTPS only.

AI Generated Translation

riservatezza

leggere dati applicazione

analisi statica automatizzata

Phases:

implementazione

Descriptions:

• Impostare sempre l'attributo secure quando il cookie deve essere inviato esclusivamente tramite HTTPS.