Cookie without "Secure" and "HttpOnly" flag attribute in unilogies/bumsys

Valid

Reported on

Jan 20th 2023


Description

The HttpOnly and Secure attributes are not set for session cookies in the application.

Proof of Concept

https://drive.google.com/file/d/1ZAanmAbOn-jSf6ZMS5JIQKUzJ78fUrea/view?usp=sharing

Impact

The "Secure" flag ensures that the cookie is only sent over a secure (HTTPS) connection, while the "HttpOnly" flag prevents the cookie from being accessed by JavaScript, which helps to protect against XSS attacks. Without these flags, an attacker may be able to intercept and steal the cookie, which could be used to gain unauthorized access to a user's account.
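A check for the condition this report describes, as an added example that is not part of the original report or of the bumsys code base: it parses `Set-Cookie` header values and lists the cookies that lack `Secure` or `HttpOnly`. The header values and function names are constructed for illustration; `PHPSESSID` is only PHP's default session cookie name, not a value taken from the report.

```python
# Added example: audit Set-Cookie header values for missing Secure / HttpOnly.
# All header values below are constructed samples, not captured from bumsys.

def parse_set_cookie(header_value):
    """Return (cookie name, set of lowercased attribute names) for one header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the parts after the first ';' are attributes. Attribute names are
    # case-insensitive, so compare them lowercased; attribute values are ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_cookies(set_cookie_headers, required=("secure", "httponly")):
    """Return a list of (cookie name, [missing flags]) for non-compliant cookies."""
    findings = []
    for value in set_cookie_headers:
        name, attrs = parse_set_cookie(value)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


SAMPLE_HEADERS = [  # constructed
    "PHPSESSID=constructed1; path=/",                                 # no flags
    "PHPSESSID=constructed2; path=/; HttpOnly",                       # HttpOnly only
    "PHPSESSID=constructed3; path=/; secure; HttpOnly; SameSite=Lax", # compliant
    "pref=secure; Path=/",  # the *value* is "secure", the flag is still absent
]

if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS):
        print(f"{cookie}: missing {', '.join(missing)}")
```

The last sample shows why a substring search for "secure" in the header is not a reliable check: only attributes after the name=value pair count.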

We are processing your report and will contact the unilogies/bumsys team within 24 hours. (a year ago)
A GitHub Issue asking the maintainers to create a SECURITY.md exists (a year ago)
We have contacted a member of the unilogies/bumsys team and are waiting to hear back (10 months ago)
Khurshid Alam validated this vulnerability (10 months ago)

@ctflearner, we have already used the HttpOnly flag. But as of development, the line is currently commented out.

And we will add the Secure attribute in the next release.

loader.php L18

Thank you.

ctflearner has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
ctflearner
10 months ago

Researcher


@Khurshid Alam, I would be glad if you could assign a CVE for this.

Khurshid Alam marked this as fixed in v1.0.3 with commit e1632b (10 months ago)
has been awarded the fix bounty
This vulnerability will not receive a CVE
Khurshid Alam published this vulnerability (10 months ago)
ctflearner
10 months ago

Researcher


@admin, can you please assign a CVE for this?

Ben Harvie
10 months ago

Admin


CVE assignment is in the hands of the maintainer, please refrain from tagging admins for this request. Thanks.
