Session Cookie without HttpOnly and secure flag set
Vulnerability Details
vulnerable URL: www.stellar.org
The PHPSESSID cookie does not have the HTTPOnly flag set.
When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts.
This is an important security protection for session cookies.
reference : https://hackerone.com/reports/75357
{F193713}
Report Stats
- Report ID: 239380
- State: Closed
- Substate: informative
- Upvotes: 3
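
A response-header check for the condition reported above, as an added example that is not part of the original report: it parses Set-Cookie lines and lists session cookies that lack the HttpOnly or Secure attribute. The sample headers are constructed, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers for session cookies missing HttpOnly / Secure."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; path=/",
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly",
    "Set-Cookie: PHPSESSID=abc123; Path=/; secure; httponly; SameSite=Lax",
    "Set-Cookie: theme=HttpOnly; Path=/",  # flag name appears only as a value
    "Content-Type: text/html",
]

REQUIRED_FLAGS = ("httponly", "secure")


def parse_set_cookie(header_line):
    """Return (name, value, attrs) for a Set-Cookie line, None for other headers."""
    field, sep, rest = header_line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in rest.split(";")]
    # The first segment is always name=value; attributes follow it.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit(header_lines, session_names=("PHPSESSID",)):
    """Return [(cookie_name, [missing flags])] for the named session cookies."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None or parsed[0] not in session_names:
            continue
        absent = [flag for flag in REQUIRED_FLAGS if flag not in parsed[2]]
        if absent:
            findings.append((parsed[0], absent))
    return findings


if __name__ == "__main__":
    for name, absent in audit(SAMPLE_HEADERS):
        print(f"{name}: missing {', '.join(absent)}")
```
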