icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

User Credentials Stored in Cookie

Info

Synopsis

The remote web server was just observed passing a 'Set-Cookie' directive with what appears to be user ID or password information.

Description

The remote web server was just observed passing a 'Set-Cookie' directive with what appears to be user ID or password information. Examine the following cookie to ensure that confidential data is not being passed via a plain text cookie.

Solution

Ensure that confidential data is not present within the cookie.