Vulnerabilities > CVE-2023-3520 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in It-Novum Openitcockpit

047910
CVSS 4.6 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
it-novum
CWE-614

Summary

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.

Vulnerable Configurations

Part Description Count
Application
It-Novum
71

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.