CWE-565— Reliance on Cookies without Validation and Integrity Checking

ipa 3.0 does not properly check server identity before sending credential containing cookies

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is…

An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies.

EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies.

PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows remote attackers to access arbitrary customer accounts via a modified cookie, related to pc_head.php, pc_login.php, and pc_login_page.php.

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an at…

In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

IBM Security Guardium Big Data Intelligence (SonarG) 4.0 does not set the secure attribute for cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext over an HTTP session. IBM X-Force ID: 161210.

IBM Security Secret Server 10.7 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 170044.

IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link i…

Linear eMerge 50P/5000P devices allow Authentication Bypass.

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing…

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private …

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site th…

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies t…

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a…

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is…

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple s…

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be w…

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not hav…

grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If …

rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application ma…

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled…

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsusp…

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows attackers to write files and reset the user passwords without having a valid session cookie.

Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cook…

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Administrative Privileges which allows ch…

All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device's web application navigation depends on the value of the session cookie. The web application could becom…

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.

ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names…

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.

Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege.

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lac…

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf …

Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user.…

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Cl…

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response head…

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github…

The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.