Leakage of sensitive data in cookie

Overview

Rule ID: java_lang_cookie_leak
Applicable Languages: Java
Weakness ID: CWE-315

Description

Leakage of sensitive data through cookies can result in a data breach. This vulnerability arises when sensitive information is stored in browser cookies, making it susceptible to unauthorized access.

Remediation Guidelines

Do not store sensitive data in unencrypted cookies, as it can expose this information to potential security threats.
```
Cookie cookie = new Cookie("user", user.email);
```

References

CWE-315: Cleartext Storage of Sensitive Information in a Cookie
A05:2021 - Security Misconfiguration

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of Information in Logger Message NextLeakage of sensitive data in exception message

Last updated 8 months ago