Detections
Analytics
Persistent Cookie Utilization
info Nessus Network Monitor Plugin ID 4667
Synopsis
The remote web server utilizes persistent cookies.Description
The remote web server utilizes persistent cookies. Persistent cookies are stored on the hard drive by the user browser. If there is confidential data within the cookies (such as user ID, authentication tokens, etc.), an attacker with access to the hard drive can view this data.Solution
Ensure that persistent cookies are not used for any sort of confidential data. Note: NNM only reports on the first occurence of this item on a web server. Parse your entire web source for similar occurrences.See Also
http://www.owasp.org/index.php/Logout_and_Browser_Cache_Management_Testing_AoC