VYPR

CWE-784

Reliance on Cookies without Validation and Integrity Checking in a Security Decision

Variant · Draft · Likelihood: High

Description

The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected value.
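The weak pattern described above beside a checked form, as an added example that is not part of the original entry. All names (`SERVER_KEY`, `issue_role_cookie`, `verified_role`, the `role` cookie) are hypothetical, and `session_user` is assumed to come from an already authenticated server-side session.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment loads this from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def is_admin_naive(cookies):
    """Weak pattern: the security decision trusts the raw cookie value."""
    return cookies.get("role") == "admin"


def _tag(session_user, role):
    # The MAC covers the user as well as the role, so a cookie issued to
    # one user does not verify under another user's session. The length
    # prefix keeps the user/role boundary unambiguous.
    msg = f"{len(session_user)}:{session_user}|{role}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_role_cookie(session_user, role):
    """Server side: emit 'role.tag' bound to the given user."""
    return f"{role}.{_tag(session_user, role)}"


def verified_role(session_user, cookies):
    """Return the role only if the cookie verifies for this user."""
    raw = cookies.get("role", "")
    role, sep, tag = raw.rpartition(".")
    if not sep or not role:
        return None  # missing or unsigned value
    expected = _tag(session_user, role)
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # modified value or wrong user
    return role


def is_admin_checked(session_user, cookies):
    """Checked form: decide only on a cookie that verified for this user."""
    return verified_role(session_user, cookies) == "admin"
```

Keeping the role in server-side session state, so the cookie carries only a random session identifier, removes the need to trust any cookie value at all.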

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (3)

  • CVE-2023-3050 · Critical · Jun 13, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15.

  • CVE-2026-45055 · High · May 13, 2026
    risk 0.46 · cvss 8.1 · epss 0.00

    CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset…

  • CVE-2020-8184 · Jun 19, 2020
    risk 0.00 · cvss · epss 0.03

    A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix.