HawkScan Test Info for Cookie Poisoning

Cookie Poisoning

Reference

Plugin Id: 10029 | CWE: 565

Remediation

  1. Prevent user control of cookies: Never copy a request parameter directly into the name or value of a cookie the application sets; map the input to a server-side allow-list or to a server-generated identifier instead.
  2. Input validation: Strictly validate any parameter that can influence cookie handling, rejecting (rather than silently fixing) values outside the expected set.
  3. Filter dangerous characters: Remove or encode semicolons, commas, equals signs, double quotes, whitespace and control characters (including CR and LF) before any user-derived data reaches a Set-Cookie header; these are the characters that let an attacker append cookie attributes or terminate the header.
  4. Use secure cookie handling: Set cookie attributes (Path, Domain, Secure, HttpOnly, SameSite) from server-side configuration only, and keep security-relevant state out of client-controlled cookie values.
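The four steps above applied to a single handler, as an added example (not StackHawk's or HawkScan's code). It assumes a hypothetical `lang` preference cookie with a three-entry allow-list; the vulnerable function copies the request parameter into the header verbatim, the hardened one only ever emits allow-listed values and server-chosen attributes, and the small parser shows what a browser would make of each header. The malicious parameter value is constructed for the demonstration.

```python
import re

# RFC 6265 cookie-octet: printable US-ASCII minus CTLs, whitespace, DQUOTE, comma,
# semicolon and backslash. Anything outside this set can alter how the header is parsed.
COOKIE_VALUE_RE = re.compile(r"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*")

# Hypothetical allow-list for the example's 'lang' cookie (assumption, not from the page).
ALLOWED_LANGS = {"en", "de", "fr"}
DEFAULT_LANG = "en"


def parse_set_cookie(header):
    """Split a Set-Cookie header value into (name, value, {attribute: value}).

    Mirrors browser behaviour closely enough to show attribute injection:
    the first 'name=value' is the cookie, every ';'-separated part after it
    is treated as an attribute, and a repeated attribute keeps the last value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def vulnerable_set_cookie(params):
    """Copies the 'lang' request parameter straight into the cookie value.

    This is the pattern the Cookie Poisoning check flags: the client decides
    the cookie value and, via ';', can append attributes such as Domain.
    """
    return f"lang={params.get('lang', DEFAULT_LANG)}; Path=/"


def is_safe_cookie_value(value):
    """Remediation step 3: True only if value contains no delimiter or control characters."""
    return COOKIE_VALUE_RE.fullmatch(value) is not None


def hardened_set_cookie(params):
    """Remediation steps 1, 2 and 4: allow-list the value, then set attributes server-side."""
    lang = params.get("lang", DEFAULT_LANG)
    # Steps 1 and 2: the request may only *select* from ALLOWED_LANGS; anything else
    # falls back to the default. Because every allow-listed value is a plain token,
    # step 3 (no delimiters) holds automatically; is_safe_cookie_value() is the check
    # to apply where free-form values are unavoidable.
    if lang not in ALLOWED_LANGS or not is_safe_cookie_value(lang):
        lang = DEFAULT_LANG
    # Step 4: attributes come from server configuration, never from the request.
    return f"lang={lang}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    # Constructed attacker input: a legitimate-looking value with an injected Domain attribute.
    evil = {"lang": "en; Domain=.example.com"}
    print("vulnerable:", parse_set_cookie(vulnerable_set_cookie(evil)))
    print("hardened:  ", parse_set_cookie(hardened_set_cookie(evil)))
    for v in ("de", "en; x=y", "en\r\nSet-Cookie: s=1", 'a"b'):
        print(repr(v), "safe" if is_safe_cookie_value(v) else "rejected")
```

Run it and the vulnerable header comes back with `domain` set to `.example.com`, chosen by the client, while the hardened header carries only the server's own attributes. The CRLF case is the one to watch when a framework builds headers by string concatenation: it does not merely add an attribute, it terminates the header and starts a new one.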

About

This check looks at user-supplied input in query-string parameters and POST data to find places where the application copies that input into the name or value of a cookie it sets. When the client can choose what goes into a Set-Cookie header, an attacker can pick the cookie's value and, if delimiter characters are not filtered, append attributes of their own, which may bypass security controls that trust the cookie or inject malicious data into the application's cookie handling. HawkScan raises the finding when a cookie in the response carries a value (or name) that came from a request parameter; whether the condition is exploitable depends on what the application later does with that cookie.
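An approximation of the passive check described above, written here as an added example rather than the scanner's own implementation: it collects name/value pairs from the query string and a form-encoded POST body, then flags any response cookie whose value or name is identical to one of those parameter values. The URL, body and Set-Cookie headers in the `__main__` block are constructed test inputs, and the `min_len` threshold is my own assumption to suppress noise from one-character values like `1`.

```python
from urllib.parse import parse_qsl, urlsplit


def extract_params(url, body=""):
    """Name/value pairs from the query string plus an application/x-www-form-urlencoded body."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if body:
        pairs += parse_qsl(body, keep_blank_values=True)
    return pairs


def cookie_name_value(set_cookie_header):
    """The cookie's own name and value; attributes after the first ';' are ignored."""
    first = set_cookie_header.split(";", 1)[0]
    name, _, value = first.partition("=")
    return name.strip(), value.strip()


def find_cookie_poisoning(url, body, set_cookie_headers, min_len=2):
    """Return one finding per (parameter, cookie) pair where the request value reappears.

    'matched' is "value" when the cookie value equals a parameter value and "name"
    when the cookie *name* does, the latter being the more dangerous case because
    the client then picks which cookie gets written. Values shorter than min_len
    are skipped (assumption: they produce false positives, not real reflection).
    """
    findings = []
    params = extract_params(url, body)
    for header in set_cookie_headers:
        cname, cvalue = cookie_name_value(header)
        for pname, pvalue in params:
            if len(pvalue) < min_len:
                continue
            if pvalue == cvalue:
                findings.append({"param": pname, "cookie": cname, "matched": "value"})
            elif pvalue == cname:
                findings.append({"param": pname, "cookie": cname, "matched": "name"})
    return findings


if __name__ == "__main__":
    # Constructed request/response pair: 'lang' is reflected into a cookie, 'session' is not.
    url = "https://app.example.test/prefs?lang=de&theme=dark"
    headers = ["lang=de; Path=/", "session=abc123; HttpOnly; Secure"]
    for f in find_cookie_poisoning(url, "", headers):
        print(f"Cookie Poisoning: parameter {f['param']!r} controls cookie "
              f"{f['cookie']!r} ({f['matched']})")
```

Treat a hit as a lead, not proof: a settings page that legitimately echoes a `theme` choice into a cookie matches the same way as a handler that lets the client write `admin=true`. The difference is whether the reflected value is validated and whether anything security-relevant later trusts the cookie.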

Risks

Medium

Cookie poisoning attacks can lead to session manipulation, authentication bypass, privilege escalation, and injection of malicious data that could affect application logic or other users.