Details
Alert ID 10011
Alert Type Passive
Status release
Risk Low
CWE 614
WASC 13
Technologies Targeted All
Tags CWE-614
OWASP_2017_A06
OWASP_2021_A05
WSTG-V42-SESS-02
More Info Scan Rule Help

Summary

A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

Solution

Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/CookieSecureFlagScanRule.java