Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Cookies render HTTPS sessions vulnerable to data leaks

Cookies render HTTPS sessions vulnerable to data leaks

2015/09/26

Securityweek - (International) The Computer Emergency Readiness Team (CERT) published an advisory warning that cookies established via regular Hypertext Transfer Protocol (HTTP) requests are a security flaw for HTTP Secure (HTTPS) sessions, and that an attacker could set a cookie to be later used via an HTTPS connection instead of the original Web site, potentially gaining access to private information.

Source: http://www.securityweek.com/cookies-render-https-sessions-vulnerable-data-leaks

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:25:21