Jan 19, 17 / Aqu 19, 01 21:15 UTC

Web Site vulnerability  

Vulnerability URL: https://asgardia.space/en/login and https://asgardia.space/en/password/reset

Vulnerability Name: Cookie Not Marked as Secure

Detail: https://www.netsparker.com/web-vulnerability-scanner/vulnerability-security-checks-index/cookie-not-marked-as-secure/

  Last edited by:  Furkan Akca (Asgardian)  on Jan 19, 17 / Aqu 19, 01 21:16 UTC, Total number of edits: 1 time

Jan 23, 17 / Aqu 23, 01 22:48 UTC

Hello @furkiak, could you explain a bit more what the vulnerability is? I understand it's because the cookie is "not marked as secure", but what kind of threat does that allow? Thank you.

Jan 25, 17 / Aqu 25, 01 20:43 UTC

Did you even follow the link?

This cookie will be transmitted over an HTTP connection, therefore if this cookie is important (such as a session cookie), an attacker might intercept it and hijack a victim's session. If the attacker can carry out a man-in-the-middle attack, he/she can force the victim to make an HTTP request to steal the cookie.

Edit: The only cookie I have is needed to be logged in, as I get logged out as soon as I delete it and cannot log in until I accept that cookie.

  Last edited by:  Jonathan Stephan (Asgardian)  on Jan 25, 17 / Aqu 25, 01 20:49 UTC, Total number of edits: 1 time
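Added example (not part of any post in this thread, and not the site's own code): a Python check that parses `Set-Cookie` header values and reports cookies issued without the `Secure` attribute, the condition reported above. The header values and cookie names are constructed samples.

```python
# Audit Set-Cookie header values for a missing Secure attribute.
# All header values and cookie names below are constructed for illustration.

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flag attributes have no value.
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(set_cookie_values, sensitive_names=()):
    """Return (name, severity) for every cookie lacking the Secure attribute.

    Cookies named in sensitive_names (for example the session cookie) are
    rated "high" because they can be sent over plain HTTP and intercepted.
    """
    findings = []
    for raw in set_cookie_values:
        name, attrs = parse_set_cookie(raw)
        # Check attribute names, not substrings: "Path=/secure" is not Secure.
        if "secure" not in attrs:
            severity = "high" if name in sensitive_names else "low"
            findings.append((name, severity))
    return findings


# Constructed sample of response header values.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly",                        # no Secure
    "csrf=xyz; Path=/; Secure; HttpOnly",                         # fine
    "lang=en; Path=/secure",                                      # substring trap
    "remember=1; Expires=Wed, 21 Oct 2026 07:28:00 GMT; secure",  # lowercase flag
]

if __name__ == "__main__":
    for name, severity in audit_cookies(SAMPLE_HEADERS, {"session_id"}):
        print(f"{name}: missing Secure attribute ({severity})")
```
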

Jan 26, 17 / Aqu 26, 01 06:19 UTC

I'd like to know what kind of IT team there is. How big? Who is in there?