Sensitive Cookie Without Secure Flag in it-novum/openitcockpit

Valid

Reported on

Jun 14th 2023


Description

Access and login to the demo website: https://demo.openitcockpit.io/

Press F12 on your keyboard or right-click on the website to open the developer tools.

In the Application tab, choose Cookies, and there are some sensitive cookies without the Secure flag (CookieAuth, csrfToken).

Proof of Concept

Link image evidence: https://drive.google.com/file/d/1kW_nDsDCOIv6WHrecj0nFBYWrvnqcXBC/view?usp=sharing

Impact

If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope.

An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
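As an added defender-side example (not part of this report or of the openITCOCKPIT fix), a small Python checker that parses Set-Cookie headers and flags cookies missing the Secure attribute described above, plus HttpOnly and SameSite on the cookies the report names; the sample headers are constructed, not captured from the demo site.

```python
from typing import Dict, List

# Cookies this report names as sensitive; the names come from the page.
SENSITIVE_COOKIES = {"CookieAuth", "csrfToken"}


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Parse one Set-Cookie header value into its name and attribute map.

    Attribute names are case-insensitive (RFC 6265), so they are lowered;
    flag attributes such as Secure carry an empty value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return {"name": name, "attrs": attrs}


def audit_cookie(header: str) -> List[str]:
    """Return the list of missing protections for one Set-Cookie header."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure (sent in clear text over http:// URLs in scope)")
    if cookie["name"] in SENSITIVE_COOKIES and "httponly" not in attrs:
        findings.append("missing HttpOnly on a sensitive cookie")
    if "samesite" not in attrs:
        findings.append("missing SameSite")
    return findings


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Audit several Set-Cookie headers; keys are cookie names, values are findings."""
    return {parse_set_cookie(h)["name"]: audit_cookie(h) for h in headers}


# Constructed sample headers (not captured from the demo site): the first two
# mirror the report's finding, the third shows the fixed form.
SAMPLE_HEADERS = [
    "CookieAuth=abc123; Path=/; HttpOnly",
    "csrfToken=deadbeef; Path=/",
    "sessionFixed=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Run it against the Set-Cookie headers of a real response (for example from a proxy or `curl -I`) to confirm every session and CSRF cookie carries Secure after a fix like the one the maintainers shipped.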

We are processing your report and will contact the it-novum/openitcockpit team within 24 hours. 8 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 8 months ago
We have contacted a member of the it-novum/openitcockpit team and are waiting to hear back 8 months ago
it-novum/openitcockpit maintainer validated this vulnerability 8 months ago

Hi Chuu, many thanks for contacting us. We can confirm that it would be good to only send cookies over secure HTTPS connections. We have created a patch, which will resolve the issue and enable the secure flag for all our cookies. https://github.com/it-novum/openITCOCKPIT/pull/1523/files

Thanks again for contacting us to keep openITCOCKPIT secure. We appreciate this!

uonghoangminhchau has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
it-novum/openitcockpit maintainer marked this as fixed in 4.6.6 with commit 6c717f 8 months ago
The fix bounty has been dropped
Chuu
8 months ago

Researcher


@ maintainer Thank you too.

This vulnerability has now been published 7 months ago