CWE-614
Overview
- CWE ID
- 614
- CWE Name
- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- CWE Abstraction
- Variant
- CWE structure
- Simple
- CWE Status
- Draft
Description
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
Extended Description
Related CWEs
CWE ID | View ID | Nature | Ordinal |
---|---|---|---|
319 | 1000 | ChildOf | Primary |