CVE-2023-5866 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in phpMyFAQ

CVSS 5.7 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: LOW
  • Confidentiality impact: HIGH
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, low complexity, phpmyfaq, CWE-614

Summary

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.

Vulnerable Configurations

Part         Description  Count
Application  Phpmyfaq     257

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.