HttpOnlyCookies issue exists @ webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java in branch develop
The web application's login method creates a cookie, "cookie", at line 96 of webgoat-lessons\jwt\src\main\java\org\owasp\webgoat\jwt\JWTVotesEndpoint.java, and returns it in the response. However, the application is not configured to automatically set the cookie with the "httpOnly" attribute, and the code does not explicitly add this attribute to the cookie.
Severity: Medium
CWE: 1004
Lines: 105 106 110
Code (Line #105):
Code (Line #106):
Code (Line #110):