Cookie without Secure flag in thorsten/phpmyfaq

Valid

Reported on

Sep 8th 2023


Description

Access and login to the website.

Press F12 on your keyboard or right-click on the website to open dev-tool.

At Application tab, choose Cookies and there are some sensitive cookies without Secure flag.

Proof of Concept

https://docs.google.com/document/d/1YVviy1mBrbc8Z2PaSizfaoDrTkW0bPlg0nv3WF_hSVQ/

-you can see i use https but the secure is still false/uncheck-

Impact

If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope.

An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 5 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 5 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 5 months ago
Thorsten Rinne gave praise 5 months ago
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Thorsten Rinne validated this vulnerability 5 months ago
nyeooo has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.2.1 with commit fdacff 5 months ago
Thorsten Rinne has been awarded the fix bounty
Session.php#L400 has been validated
This vulnerability has now been published 4 months ago
to join this conversation