Checkmarx (SAST): HttpOnlyCookies
Security Issue: Read More about HttpOnlyCookies
Checkmarx Project: Nova-8/Damm-Vulnerable-CSharp-API
Repository URL: https://github.com/Nova-8/Damm-Vulnerable-CSharp-API
Branch: master
Scan ID: 2f22541b-da6c-459f-9285-99da61e0ed7d
The web application's GetTokenSSO method creates a cookie Cookies, at line 44 of /Controllers/AuthorizationsController.cs, and returns it in the response. However, the application is not configured to automatically set the cookie with the "httpOnly" attribute, and the code does not explicitly add this to the cookie.
Result 1:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. Cookies: /Controllers/AuthorizationsController.cs[44,72]
Review result in Checkmarx One: HttpOnlyCookies
Result 2:
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
Attack Vector:
1. ssoCookieData: /Controllers/AuthorizationsController.cs[44,21]
Review result in Checkmarx One: HttpOnlyCookies