DerScanner
Home / Vulnerability Database / Dart : Cookie: broad path
Dart

Dart : Cookie: broad path

Classification

OWASP Top 10 2013
A2-Broken Authentication and Session Management
OWASP Top 10 2017
A2-Broken AuthenticationA3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA7-Identification and Authentication Failures
OWASP ASVS
Session Management
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (e)(1)
CWE
CWE-1028

Overview

The path in the cookie is incorrect. An ill-defined path (for example, /) is unsafe, because in this case, a vulnerability in one application may reveal a vulnerability in other applications in the same domain.

Confidential data leak vulnerabilities rank third in the OWASP Top 10 2017 web application vulnerabilities.

References

  1. OWASP: Top 10 2017 A2-Broken Authentication
  2. OWASP: Top 10 2013-A2-Broken Authentication and Session Management
  3. OWASP: Top 10 2013-A5-Security Misconfiguration
  4. Origin Cookies: Session Integrity for Web Applications (pdf)
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
MEDIUM

DerScanner Severity Score

Do you want to fix Dart : Cookie: broad path in your application?

See also

Dart

Dart : Cookie: broad domain

Dart

Dart : Undocumented feature: special account

Dart

Dart : Hardcoded password