ssl cookie without secure flag set
State Informative (Closed)
Disclosed publicly 2019-02-04T11:33:35.942Z
Reported To
Weakness Violation of Secure Design Principles
Bounty
Collapse

Summary by hossammesbah21

Missed Secure flag for health.mail.ru session cookie was reported.

Currently, health.mail.ru does not provide user's access to any protected information and does not rely on session cookies as a security mechanism, so this issue is not considered to have any security impact.

Timeline
submitted a report to Mail.ru .
2019-01-21T19:50:39.286Z

Regards,
Frans

  • 0 attachments:
3apa3a Activities::ReportSeverityUpdated
2019-01-21T20:10:34.971Z


3apa3a Activities::BugInformative
2019-01-21T20:15:36.435Z


hossammesbah21 Activities::AgreedOnGoingPublic
2019-01-21T20:25:25.866Z


3apa3a Activities::AgreedOnGoingPublic
2019-02-04T11:33:35.911Z


3apa3a Activities::ReportBecamePublic
2019-02-04T11:33:35.962Z