CVE-2020-29024
16.02.2021, 16:15
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| secomea | gatemanager_4250_firmware | * |
| secomea | gatemanager_4260_firmware | * |
| secomea | gatemanager_9250_firmware | * |
| secomea | gatemanager_8250_firmware | 𝑥 < 9.3 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| secomea | gatemanager | 𝑥 < 9.3 | CNA |
Common Weakness Enumeration
- CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' AttributeThe Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
- CWE-311 - Missing Encryption of Sensitive DataThe software does not encrypt sensitive or critical information before storage or transmission.