(06-23-2023, 04:32 AM)pgnair Wrote:
Hi Team
Hi Alex
A new vulnerability came up in the VAPT. How can I fix it, please?
Thanks
Pramod
Cookie Overly Broad Path Detected
The cookie 'path' attribute signifies the URL or path for which the cookie is valid. If an overly broad path like root '/' is specified in the cookie then it is accessible through other applications on the same domain. Exposing the cookie to all web applications on the domain can lead to sensitive information disclosure like session identifier etc. and can cause one application to compromise another application.
Kindly advise how to fix it.
Currently, the attributes below are True and the 'Same Site' property is set to ssoLax:
HTTPOnly
RunCookieCheck
Secure
SessionCookies
Use Cookies
Thanks
Pramod
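
The path scoping described in the finding above, as an added example that is not part of the original post and not the product's own code: it applies the RFC 6265 path-match rule to show which same-host request paths receive a cookie with `Path=/` versus `Path=/app1`. The cookie name, its value and the application paths (`/app1`, `/app2`, `/app10`) are constructed for illustration.

```python
from http.cookies import SimpleCookie

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4 path-match rule."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # The prefix must end on a "/" boundary, so /app1 does not match /app10.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_paths(set_cookie_value):
    """Map cookie name -> Path attribute ('' when the attribute is absent)."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    return {name: morsel["path"] for name, morsel in jar.items()}

def receivers(set_cookie_value, request_paths):
    """Request paths on the same host to which the browser would attach the cookie."""
    out = []
    for path in cookie_paths(set_cookie_value).values():
        out += [p for p in request_paths if path and path_match(p, path)]
    return out

def overly_broad(set_cookie_value, app_root):
    """Names of cookies whose Path is not at or below app_root."""
    return [name for name, path in cookie_paths(set_cookie_value).items()
            if path and not path_match(path, app_root)]

# Constructed sample data: the same session cookie with a broad and a scoped Path.
BROAD = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"
SCOPED = "SESSIONID=abc123; Path=/app1; Secure; HttpOnly; SameSite=Lax"
REQUESTS = ["/app1/login", "/app1", "/app2/report", "/app10/index"]

if __name__ == "__main__":
    for label, header in (("broad", BROAD), ("scoped", SCOPED)):
        print(label, receivers(header, REQUESTS), overly_broad(header, "/app1"))
```

Narrowing Path limits where the browser sends the cookie, but RFC 6265 notes that the Path attribute cannot be relied upon for security, so applications that must not share session state are better isolated on separate hosts.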

