Leakage of sensitive data in cookie

Overview

Rule ID: java_lang_cookie_leak
Applicable Languages: Java
Weakness ID: CWE-315

Description

Leakage of sensitive data through cookies can result in a data breach. This vulnerability arises when sensitive information is stored in browser cookies, making it susceptible to unauthorized access.

Remediation Guidelines

Do not store sensitive data in unencrypted cookies, as it can expose this information to potential security threats.
```
Cookie cookie = new Cookie("user", user.email);
```

References

Configuration

PreviousLeakage of Information in Logger Message NextLeakage of sensitive data in exception message

Last updated 8 months ago