An application served over HTTPS whose session cookie lacks the "Secure" flag is vulnerable to session hijacking: the browser will also send that cookie on plain HTTP requests to the same domain.
Conditions:
1) The user must be authenticated (as with CSRF)
2) The Secure flag is not set on the session cookie
3) HSTS is not implemented
Example Domain: https://example.com
Steps to Attack:
- The attacker gets the victim to open "http://example.com" (via email or another source). The first request to the server goes out in clear text, carrying all cookies for that domain (example.com).
- The server then redirects the HTTP request to HTTPS.
- The attacker sniffs that first request and obtains the cookie.
Mitigation:
- Set the "SECURE" flag on all session cookies, so the browser never sends them over plain HTTP
- Implement HSTS (HTTP Strict-Transport-Security), so the browser upgrades the first request to HTTPS itself instead of relying on a server-side redirect
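The following is an added example, not code from the original post: a small Python audit that checks a server response for the two mitigations above, flagging any Set-Cookie without the Secure attribute and a missing or zero-max-age Strict-Transport-Security header, and a helper that emits a correctly flagged session cookie. The function names and the two sample responses for example.com are constructed for illustration; the header names follow RFC 6265 (cookies) and RFC 6797 (HSTS).

```python
"""Audit HTTP response headers for the two weaknesses discussed above:
session cookies without the Secure attribute and a missing HSTS header.
Added example; function names and sample responses are constructed."""

from typing import Dict, List, Optional, Tuple

Header = Tuple[str, str]  # (field-name, field-value) as received from the server


def parse_set_cookie(value: str) -> Dict[str, object]:
    """Split one Set-Cookie field value into the cookie name and the
    attribute names present (attribute names are case-insensitive)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {"name": name, "secure": "secure" in attrs, "httponly": "httponly" in attrs}


def hsts_max_age(value: str) -> Optional[int]:
    """Return the max-age directive of an HSTS header value, or None if it
    is absent or not a plain integer."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def audit_headers(headers: List[Header]) -> List[str]:
    """Return a list of findings; an empty list means both mitigations
    (Secure flag on every cookie, effective HSTS) are in place."""
    findings: List[str] = []
    hsts_seen = False
    for field, value in headers:
        fname = field.lower()
        if fname == "set-cookie":
            cookie = parse_set_cookie(value)
            if not cookie["secure"]:
                findings.append(
                    f'cookie "{cookie["name"]}" is missing the Secure attribute; '
                    "a browser will send it on a plain http:// request"
                )
        elif fname == "strict-transport-security":
            hsts_seen = True
            age = hsts_max_age(value)
            if not age:  # None (malformed) or 0 (explicitly disabled)
                findings.append("HSTS header has no positive max-age, so it does not take effect")
    if not hsts_seen:
        findings.append(
            "no Strict-Transport-Security header; browsers will keep issuing "
            "the first request over http://"
        )
    return findings


def secure_session_cookie(name: str, value: str) -> str:
    """Build a Set-Cookie value carrying the Secure attribute (the first
    mitigation). HttpOnly and SameSite are added as customary companions
    for a session cookie; Path=/ scopes it to the whole site."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


# One year, covering subdomains, is a common production HSTS setting.
HSTS_HEADER: Header = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")

# Constructed sample responses for example.com (not captured traffic).
WEAK_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=0123abcd; Path=/; HttpOnly"),  # no Secure, no HSTS
]
HARDENED_RESPONSE: List[Header] = [
    ("Content-Type", "text/html"),
    HSTS_HEADER,
    ("Set-Cookie", secure_session_cookie("sessionid", "0123abcd")),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_headers(response) or ["ok"])
```

Running the script reports two findings for the weak response (cookie without Secure, no HSTS) and none for the hardened one. To audit a live server, feed `audit_headers` the raw header list from your HTTP client's response; the check deliberately reads every Set-Cookie rather than only ones named like a session cookie, since any cookie sent over HTTP is exposed the same way.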