CXX.SV.INSECURE_COOKIE
Insecure cookie
Klocwork reports a CXX.SV.INSECURE_COOKIE defect when an application uses cookies over a potentially unsecured network communication.
Vulnerability and risk
Cookies sent by using unsecured network communications can disclose important information such as session IDs. These unsecured communications are vulnerable to man-in-the-middle attacks, session hijacking, and the insertion of false information into a session.
Mitigation and prevention
A common mitigation strategy is to ensure that sessions are protected by using a transport encryption protocol such as SSL or TLS. These protocols ensure that authentication of the entities happens on the protocol level and that communications are encrypted for authenticated entities.
Always set the Secure flag when creating a cookie. Review the framework used to generate cookies to understand how to implement this functionality.
Vulnerable code example
void create_cookie(QNetworkCookieJar &cookieJar)
{
QNetworkCookie cookie;
cookieJar.insertCookie(cookie); //CXX.SV.INSECURE_COOKIE
}
Klocwork reports a CXX.SV.INSECURE_COOKIE defect at 4, indicating the use of a cookie that could be used over a potentially unsecured network communication.
Fixed code example
void create_cookie(QNetworkCookieJar &cookieJar)
{
QNetworkCookie cookie;
cookie.setSecure(true);
cookieJar.insertCookie(cookie);
}
Klockwork no longer reports a CXX.SV.INSECURE_COOKIE defect because the Secure flag on the cookie has been set by using a call to setSecure(true).
External guidance
Security training
Application security training materials provided by Secure Code Warrior.