CP
cyberpings
VulnerabilitiesHIGH

HttpOnly Cookies at Risk from New 'Cookie Sandwich' Technique

Featured image for HttpOnly Cookies at Risk from New 'Cookie Sandwich' Technique
PSPortSwigger Research
HttpOnlycookie sandwichWAFvulnerability
🎯

Basically, a new method lets hackers steal secure cookies from websites.

Quick Summary

A new technique called 'cookie sandwich' can steal secure cookies from websites. This affects users relying on HttpOnly flags for protection. Stay informed and ensure your online security measures are up to date.

What Happened

Imagine a sneaky trick that lets cybercriminals grab sensitive information from websites. Researchers have unveiled the 'cookie sandwich' technique, which can bypass the HttpOnly? flag on certain servers. This flag is designed to protect cookies from being accessed by JavaScript, making it harder for attackers to steal them.

The cookie sandwich technique? builds on previous research about evading Web Application Firewalls (WAFs)? using a special cookie called the phantom $Version cookie?. By exploiting this vulnerability, attackers can potentially steal session cookies and gain unauthorized access to user accounts. This discovery raises serious concerns about the security of many websites that rely on HttpOnly? cookies for protection.

Why Should You Care

You might think your online accounts are safe because of security measures like HttpOnly? cookies, but this research shows that vulnerabilities still exist. If a hacker can steal your session cookies, they could impersonate you on your favorite websites, accessing your personal information, emails, or even banking details.

Imagine leaving your front door unlocked while you’re away. That’s what it feels like when these vulnerabilities exist. It’s crucial to understand that even seemingly secure measures can have loopholes. You should be aware of the potential risks and ensure that your online activities remain secure.

What's Being Done

The cybersecurity community is taking this discovery seriously. Researchers are working on identifying affected servers and developing patches to close this vulnerability. Here are some immediate actions you can take:

  • Update your web applications to ensure they are using the latest security measures.
  • Monitor your accounts for any suspicious activity, especially if you use websites that rely on cookies for authentication.
  • Educate yourself about the importance of cookie security and stay informed about new vulnerabilities.

Experts are closely watching for updates from web developers and security teams regarding patches and fixes. The goal is to mitigate the risks associated with this newly discovered technique and protect users from potential exploitation.

💡 Tap dotted terms for explanations

🔒 Pro insight: The cookie sandwich technique highlights the need for enhanced cookie security measures beyond HttpOnly flags to mitigate exploitation risks.

Original article from

PortSwigger Research

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Critical RRAS RCE Vulnerabilities Patched in Windows 11

Microsoft released a hotpatch for critical RRAS vulnerabilities in Windows 11. These flaws could allow hackers to execute code remotely. Users should ensure their systems are updated to protect against potential attacks.

Cyber Security News·
HIGHVulnerabilities

FortiGate Firewalls Targeted in High-Severity Exploit Wave

FortiGate firewalls are under attack as hackers exploit critical vulnerabilities. Organizations using these firewalls are at risk of credential theft and network breaches. Immediate patching and credential rotation are essential to mitigate these threats.

Cyber Security News·
HIGHVulnerabilities

March Patch Tuesday Fixes 84 Vulnerabilities Across 15 Products

Microsoft's March Patch Tuesday addressed 84 vulnerabilities across various products. Eight are critical, but none affect Windows directly. Stay updated to protect your systems from potential exploits.

Sophos News·
HIGHVulnerabilities

Microsoft Issues Urgent Hotpatch for Windows 11 RCE Vulnerability

Microsoft has released a critical hotpatch for Windows 11 to fix serious vulnerabilities. Affected devices include Windows 11 Enterprise systems. This update is crucial to prevent remote code execution that could compromise sensitive data.

BleepingComputer·
CRITICALVulnerabilities

Critical Vulnerability in HPE AOS-CX Allows Password Resets

The Flaw Hewlett Packard Enterprise (HPE) has reported a critical-severity vulnerability in its Aruba Networking AOS-CX switches, tracked as CVE-2026-23813. This vulnerability has a CVSS score of 9.8, indicating its severity. It allows attackers to reset administrator passwords remotely and without any authentication, effectively bypassing existing security measures. This flaw affects various models, including the CX 4100i, CX 6000,

SecurityWeek·
HIGHVulnerabilities

Critical LangSmith Vulnerability Exposes Users to Account Takeover

A critical vulnerability in LangSmith could allow hackers to take over user accounts. This flaw affects users who rely on LangSmith for AI data monitoring. Immediate action is required to ensure security and protect sensitive information.

Cyber Security News·