2

Suppose a website is running on HSTS and is setting about 20 cookies. Out of those 20 cookies, 15 are both Secure and HTTP-only and the remaining 5 are neither. In this scenario, in what ways can we compromise the security of the website?

Anders
Siddharth

1 Answer

2

The non-HTTP-Only cookies could be compromised if there are any XSS flaws on the website.

The non-Secure-flagged cookies could be compromised if the user was using a browser that does not support HSTS (such as Internet Explorer 10). This would be a MITM attack on a normal HTTP connection to any server in order to redirect to the HTTP version of the domain and then intercept the sent cookies.

The Secure and HTTP Only cookies could be poisoned if the user hasn't yet visited the site in order for the HSTS policy to be set and the site isn't in the browser's preloaded list. This depends on what the site does with the cookie values, but it could form part of a session fixation attack if an attacker set the cookie value. This would be without the Secure flag being set (because they would be MITMing an HTTP connection); however, the server only receives the cookie's name and value and does not know whether the cookie is marked as secure or not on the browser.

SilverlightFox
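A defender-side check for the points in the answer above, as an added example that is not part of the original post: it audits `Set-Cookie` values for the two flags, shows that the request `Cookie` header carries only names and values, and issues a fresh session ID at login, the usual defence against fixation. All cookie names, values and function names are constructed for illustration.

```python
import secrets

# Constructed sample Set-Cookie values (names and values are made up).
SAMPLE_SET_COOKIES = [
    "sid=4f2a9c; Path=/; Secure; HttpOnly",
    "csrf=9b1d; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "tracking=abc123; Path=/; Max-Age=3600",
]

def parse_set_cookie(header):
    """Return (name, value, lowercase attribute names) for one Set-Cookie value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    return name, value, {a.partition("=")[0].strip().lower() for a in attrs if a}

def audit(set_cookie_headers):
    """Map each cookie name to the exposures described in the answer."""
    report = {}
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        issues = []
        if "httponly" not in attrs:
            issues.append("readable by script: exposed if the site has an XSS flaw")
        if "secure" not in attrs:
            issues.append("sent over plain HTTP: exposed where HSTS is not enforced")
        report[name] = issues
    return report

def parse_cookie_header(header):
    """What the server receives on a request: name=value pairs, no attributes."""
    pairs = (p.strip().partition("=") for p in header.split(";") if p.strip())
    return {name: value for name, _, value in pairs}

def login(sessions, presented_sid, user):
    """Never adopt a pre-login ID: the Cookie header cannot show who set it."""
    sessions.pop(presented_sid, None)      # invalidate whatever the browser sent
    new_sid = secrets.token_urlsafe(32)    # server-generated, unpredictable ID
    sessions[new_sid] = user
    return new_sid

if __name__ == "__main__":
    for cookie, issues in audit(SAMPLE_SET_COOKIES).items():
        print(cookie, "->", issues or "both flags set")
```
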