Plaintext Storage In Cookie

ID       | go.plaintext_storage_in_cookie
Severity | low
Resource | Information Leak
Language | Go
Tags     | CWE:315, NIST.SP.800-53, OWASP:2021:A4
Description
Cleartext storage of sensitive information in a cookie occurs when sensitive data is stored in cookies without any form of encryption, potentially exposing it to unauthorized access.
This vulnerability can lead to information disclosure and can be exploited by attackers who gain access to the cookies.
Rationale
This vulnerability arises when sensitive information such as usernames, session IDs, or authentication tokens is stored directly in cookie values without being encrypted. This practice poses a security risk because cookies can be intercepted over unsecured channels or read by other scripts (e.g., through cross-site scripting attacks).
package plaintext_storage_in_cookie

import (
	"net/http"
	"time"
)

// setSensitiveToCookie takes the ResponseWriter it writes to; the original
// snippet used an undeclared w.
func setSensitiveToCookie(w http.ResponseWriter) {
	name := "username"
	ccn := "55487856424757425456" // sensitive value (a card number) sent to the browser as-is
	cookie := &http.Cookie{ // FLAW: cleartext sensitive data in the cookie value
		Name:    name,
		Value:   ccn,
		Expires: time.Unix(0, 0), // Unix epoch: the browser treats the cookie as already expired
	}
	http.SetCookie(w, cookie)
}
In this example, the sensitive value (a card number, placed under the cookie name "username") is stored directly in the cookie without encryption, making it susceptible to interception and unauthorized access. Sensitive data must be protected when stored in cookies, both to prevent information leakage and to comply with data protection regulations.
Remediation
If possible, do not store sensitive information in cookies. Having sensitive data stored in a cookie could be a sign of bad design. Instead of storing e.g. user details in a cookie, store them at the application backend and use session tokens to identify the user. Proper session handling is essential to prevent session fixation attacks.
If you really need to store sensitive information in a cookie, ensure that it is encrypted at the backend. Use safe encryption standards and cryptographic libraries to achieve this.
Ensure that the cookie is marked as secure, which prevents it from being sent over an insecure channel (e.g., HTTP), and with the httpOnly flag, which prevents it from being accessed by JavaScript in the browser, avoiding exfiltration through cross-site scripting vulnerabilities.
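The remediation above, as an added example that is not part of this rule's own code: the sensitive values stay in a backend session store (an in-memory map here, an assumption for illustration) and the browser receives only an opaque random token, sent with the Secure, HttpOnly and SameSite attributes.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"net/http"
	"sync"
	"time"
)

// sessionStore keeps the sensitive values on the backend, keyed by an opaque
// random token; only the token reaches the browser. The in-memory map is an
// illustration (assumption); a real store also needs expiry and revocation.
type sessionStore struct {
	mu   sync.Mutex
	data map[string]map[string]string
}

var sessions = &sessionStore{data: map[string]map[string]string{}}

// Create generates a 256-bit random token and stores the values under it.
func (s *sessionStore) Create(values map[string]string) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := base64.RawURLEncoding.EncodeToString(b)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.data[tok] = values
	return tok, nil
}

// Lookup resolves a token presented by the browser back to the stored values.
func (s *sessionStore) Lookup(tok string) (map[string]string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	v, ok := s.data[tok]
	return v, ok
}

// setSessionCookie sends only the token: Secure keeps it off plain HTTP,
// HttpOnly keeps it away from page scripts, SameSite=Lax limits cross-site use.
func setSessionCookie(w http.ResponseWriter, token string) *http.Cookie {
	c := &http.Cookie{Name: "session", Value: token, Path: "/", Secure: true,
		HttpOnly: true, SameSite: http.SameSiteLaxMode, Expires: time.Now().Add(24 * time.Hour)}
	http.SetCookie(w, c)
	return c
}
```

The Set-Cookie header that results carries only the token and its flags; the card number never leaves the server.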
References
- CWE-315: Cleartext Storage of Sensitive Information in a Cookie.
- OWASP Top 10 2021 Category A02: Cryptographic Failures.