Cookies render HTTPS sessions vulnerable to data leaks

CERT put out an announcement last week about cookies established via HTTP requests and the threat they pose to HTTPS sessions, because web browsers sometimes don’t authenticate the domain that is setting a cookie. So what does that mean? It means a savvy attacker might be able to set a cookie and have it used later in an HTTPS session instead of the “real” cookie set by the site. Not a good thing.

Find out more about this and what you can do to mitigate the risk, here:
http://www.securityweek.com/cookies-render-https-sessions-vulnerable-data-leaks
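The behaviour described above can be reproduced offline. This is an added example, not code from CERT or the linked article: it uses Python's standard-library cookie jar as a stand-in for a browser applying the classic cookie rules, and the host name and cookie values are constructed.

```python
import email.message
import http.cookiejar
import urllib.request

HOST = "www.example.com"  # constructed host name, not from the article


class FakeResponse:
    """Minimal response object: CookieJar only needs info() for headers."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def receive(jar, scheme, set_cookie):
    """Feed one constructed Set-Cookie header, received over `scheme`, to the jar."""
    request = urllib.request.Request(f"{scheme}://{HOST}/")
    jar.extract_cookies(FakeResponse(set_cookie), request)


def cookie_header_for_https(jar):
    """Return the Cookie header the jar attaches to an HTTPS request."""
    request = urllib.request.Request(f"https://{HOST}/account")
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def demo():
    jar = http.cookiejar.CookieJar()
    # 1. The real site sets its session cookie over HTTPS.
    receive(jar, "https", "session=legit123; Path=/; Secure")
    before = cookie_header_for_https(jar)
    # 2. A plain-HTTP response for the same host sets the same cookie name.
    #    Nothing ties the cookie to the scheme or proves who sent it.
    receive(jar, "http", "session=injected456; Path=/")
    after = cookie_header_for_https(jar)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("HTTPS request before HTTP response:", before)
    print("HTTPS request after HTTP response: ", after)
```

The jar keys cookies by domain, path and name only, so the value received over HTTP replaces the one set over HTTPS and is then sent on the encrypted connection.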
