Persistent Cookie Utilization

Info Nessus Network Monitor Plugin ID 4667

Synopsis

The remote web server utilizes persistent cookies.

Description

The remote web server utilizes persistent cookies. Persistent cookies are stored on the hard drive by the user's browser. If the cookies contain confidential data (such as a user ID, authentication tokens, etc.), an attacker with access to the hard drive can view this data.

Solution

Ensure that persistent cookies are not used for any sort of confidential data. Note: PVS only reports on the first occurrence of this item on a web server. Parse your entire web source for similar occurrences.
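One way to run that wider check over captured `Set-Cookie` response headers is sketched below as an added example; it is not part of the plugin and not Tenable's detection logic. It treats a cookie as persistent when it carries a future `Expires` or a positive `Max-Age`. The function names, the `SENSITIVE_HINTS` name fragments and the sample headers are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Added example. Assumption: name fragments that suggest confidential content.
SENSITIVE_HINTS = ("sess", "auth", "token", "user", "uid")

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, lower-cased attributes)."""
    first, *rest = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0].strip(), attrs

def lifetime(attrs, now):
    """Return 'session', 'persistent' or 'expired'; Max-Age beats Expires (RFC 6265)."""
    if "max-age" in attrs:
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "expired"
        except ValueError:
            pass  # malformed Max-Age is ignored; fall back to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # unparseable date: the attribute is ignored
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "persistent" if when > now else "expired"
    return "session"

def audit(headers, now=None):
    """Return [(name, looks_sensitive)] for each cookie written to disk."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for value in headers:
        name, attrs = parse_set_cookie(value)
        if lifetime(attrs, now) == "persistent":
            findings.append((name, any(h in name.lower() for h in SENSITIVE_HINTS)))
    return findings

# Constructed sample headers, not taken from any real server.
SAMPLE = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure",
    "auth_token=eyJhbGciOi; Expires=Wed, 01 Jan 2099 00:00:00 GMT; Path=/",
    "theme=dark; Max-Age=31536000",
    "old=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
]
```

Calling `audit(SAMPLE)` reports `auth_token` and `theme` as persistent, with only `auth_token` marked as having a sensitive-looking name; a match on the name is a prompt to inspect the cookie's value, not proof that it holds confidential data.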

See Also

http://www.owasp.org/index.php/Logout_and_Browser_Cache_Management_Testing_AoC

Plugin Details

Severity: Info

ID: 4667

File Name: 4667.prm

Family: Web Servers

Published: 2008/09/15

Modified: 2015/06/01

Dependencies: 1442

Risk Information

Risk Factor: Info