User Credentials Stored in Cookie

Info Nessus Network Monitor Plugin ID 4677

Synopsis

The remote web server was just observed passing a 'Set-Cookie' directive with what appears to be user ID or password information.

Description

The remote web server was just observed passing a 'Set-Cookie' directive with what appears to be user ID or password information. Examine the following cookie to ensure that confidential data is not being passed via a plain text cookie.

Solution

Ensure that confidential data is not present within the cookie.
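One way to run the same kind of check against your own application's responses, as an added example (not the plugin's own logic from 4677.prm). The name and value patterns are assumed heuristics, and the response headers are constructed sample data:

```python
import re
from urllib.parse import unquote

# Assumed heuristic: cookie names that suggest a user ID or password.
CRED_NAME = re.compile(r"(pass(w(or)?d)?|pwd|user(_?(id|name))?|login|uid)", re.I)
# Assumed heuristic: a credential pair embedded in the cookie value itself.
CRED_VALUE = re.compile(r"(pass(word|wd)?|pwd|user(name|id)?)=", re.I)


def audit_set_cookie(header_value):
    """Return a list of findings for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    value = unquote(value.strip('"'))  # values are often URL-encoded
    findings = []
    if CRED_NAME.fullmatch(name.strip()):
        findings.append("credential-like cookie name")
    if CRED_VALUE.search(value):
        findings.append("credential pair inside cookie value")
    if findings and "secure" not in attrs:
        findings.append("sent without Secure attribute")
    return findings


def audit_response(raw_headers):
    """Map cookie name -> findings for every flagged Set-Cookie line."""
    report = {}
    for line in raw_headers.splitlines():
        field, _, value = line.partition(":")
        if field.strip().lower() == "set-cookie":
            hits = audit_set_cookie(value.strip())
            if hits:
                report[value.split("=", 1)[0].strip()] = hits
    return report


# Constructed sample response headers (not captured traffic).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: password=hunter2; Path=/
Set-Cookie: prefs=user%3Dalice%26pwd%3Dhunter2; Path=/; Secure
Set-Cookie: SID=9f2c4e1ab7d04c55; Path=/; Secure; HttpOnly
"""

if __name__ == "__main__":
    for cookie, hits in audit_response(SAMPLE).items():
        print(cookie, "->", ", ".join(hits))
```

The third cookie in the sample, an opaque session identifier with no user data in it, produces no finding.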

Plugin Details

Severity: Info

ID: 4677

File Name: 4677.prm

Family: Data Leakage

Published: 2008/09/15

Modified: 2015/06/01

Dependencies: 1442

Risk Information

Risk Factor: Info