Detectify
Knowledge Base

Wildcard Cookie Policy

Last Updated: Apr 22, 2017 12:32AM CEST

The cookie’s value can be read or written from all subdomains.

What can happen?

This widens the scope for XSS attacks: an XSS vulnerability on any one subdomain can read this cookie (if it is not marked HttpOnly) or overwrite it, and the change affects every other subdomain that shares the cookie. See our article about XSS for a more detailed description of the risks.

Remediation

example.com and sub.example.com can only share cookies if the Domain attribute is set in the Set-Cookie header. Otherwise the scope of the cookie is limited to the exact request host by default (a so-called host-only cookie).

If the following header is sent on sub.example.com:

Set-Cookie: name=value

Then the cookie will not be included in requests to example.com. However, if you instead send the following header on sub.example.com:

Set-Cookie: name=value; domain=example.com

Then the cookie will be included in requests to example.com and to every subdomain of it, so sub.example.com and other.example.com alike.

Since cookies are host-only by default, removing the domain attribute from the Set-Cookie header fully remediates this issue. If the web application genuinely requires the cookie to be sent to the main domain and every subdomain, mark the finding as an Accepted Risk and we will filter it out of future reports.
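The following script is an added example, not Detectify's scanner code and not part of the original article. It applies the Domain handling of RFC 6265 (section 5.3 for Set-Cookie, section 5.4 for which requests carry a cookie) to a set of constructed Set-Cookie headers, as if they were returned by sub.example.com, and reports for each cookie whether it is host-only or wildcard and which hosts would receive it. The header strings, host names and the audit function are all assumptions made for the demo; browsers additionally consult the Public Suffix List, which is left out here.

```python
"""Classify Set-Cookie headers as host-only or wildcard (domain-scoped).

Added example for this article, not Detectify's scanner. The matching rules
follow RFC 6265 sections 5.1.3, 5.3 and 5.4; headers and hosts are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CookieScope:
    name: str
    domain: str       # host the cookie is bound to, or the Domain attribute
    host_only: bool   # True when no Domain attribute was present


def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 5.1.3: host equals domain, or host is a subdomain of it.
    (IP-address hosts are not considered in this demo.)"""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def classify(request_host: str, set_cookie: str) -> Optional[CookieScope]:
    """Apply RFC 6265 5.3 Domain handling to one Set-Cookie header.

    Returns None when a user agent would ignore the whole cookie because
    the Domain attribute does not cover the responding host."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    domain_attr = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        if key.strip().lower() == "domain":
            # a leading dot is ignored; Domain=.example.com == Domain=example.com
            domain_attr = value.strip().lower().lstrip(".")
    if not domain_attr:
        return CookieScope(name, request_host.lower(), host_only=True)
    # Real browsers also reject public suffixes (Domain=com, Domain=co.uk)
    # via the Public Suffix List; that check is omitted here.
    if not domain_match(request_host, domain_attr):
        return None
    return CookieScope(name, domain_attr, host_only=False)


def sent_to(cookie: CookieScope, host: str) -> bool:
    """Would a later request to `host` carry this cookie? (RFC 6265 5.4)"""
    if cookie.host_only:
        return host.lower() == cookie.domain
    return domain_match(host, cookie.domain)


def audit(request_host: str, headers: List[str], probe_hosts: List[str]) -> List[str]:
    """One report line per cookie: its scope and which probe hosts receive it."""
    report = []
    for h in headers:
        cookie = classify(request_host, h)
        if cookie is None:
            name = h.split("=", 1)[0].strip()
            report.append(f"{name}: REJECTED by browser (Domain does not cover {request_host})")
            continue
        reach = [p for p in probe_hosts if sent_to(cookie, p)]
        kind = "host-only" if cookie.host_only else f"wildcard (Domain={cookie.domain})"
        report.append(f"{cookie.name}: {kind}; sent to {', '.join(reach) or '(none)'}")
    return report


if __name__ == "__main__":
    # Constructed sample headers, as if returned in a response from sub.example.com
    sample_headers = [
        "session=abc123; Path=/; Secure; HttpOnly",
        "session=abc123; Path=/; Secure; HttpOnly; Domain=example.com",
        "legacy=1; Domain=.example.com",
        "stolen=1; Domain=other.example.com",
    ]
    probes = ["sub.example.com", "example.com", "other.example.com", "notexample.com"]
    for line in audit("sub.example.com", sample_headers, probes):
        print(line)
```

The first sample header is the remediated form from the article: without a Domain attribute the cookie is host-only and only sub.example.com receives it. The second and third are the wildcard form, reaching example.com and every subdomain. The fourth shows the limit on the other side: a subdomain can widen a cookie to its parent domain, but a Domain attribute that does not cover the responding host (a sibling or an unrelated domain) causes the browser to drop the cookie entirely.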
