TLS cookie x-cache-context-hash without the Secure flag set
The application at https://...-prod.operations.dynamics.com/ issued the following cookie without the Secure flag set: x-cache-context-hash. The cookie appears not to contain a session token, which reduces the risk associated with this issue.
If the Secure flag is set on a cookie, browsers will not send it in requests made over an unencrypted HTTP connection, which prevents the cookie from being trivially intercepted by an attacker monitoring network traffic.
If the Secure flag is not set, the cookie is transmitted in plaintext whenever the user visits an HTTP URL within the cookie's scope. An attacker may be able to induce this by supplying the user with suitable links, either directly or via another website.
Even if the issuing domain hosts no content over HTTP, an attacker may be able to use links of the form http://example.com:443/ to the same effect. To exploit this, the attacker must be positioned to eavesdrop on the victim's network traffic, which is typically the case when the client communicates over an insecure network such as public Wi-Fi, or a corporate or home network shared with a compromised computer.
Common defensive measures such as switched networks are not sufficient to prevent this. An attacker located within the user's ISP or the application's hosting infrastructure could also carry out the attack, and a sufficiently advanced attacker could potentially target any connection that traverses the core infrastructure of the Internet.
The Secure flag should be set on all cookies used to transmit confidential data over HTTPS. Where cookies carry session tokens, the parts of the application accessed over HTTPS should use their own session-handling mechanism, and the session tokens used there should never be transmitted over an unencrypted connection.
Implementation Recommendation: Ensure that the server or application component that sets the x-cache-context-hash cookie configures it with the Secure flag. Verify that every part of the application that relies on this cookie is served over HTTPS, because once the flag is set the browser will no longer send the cookie with plain-HTTP requests.
Additional Consideration: HttpOnly Flag: Consider also setting the HttpOnly flag on this cookie. This flag prevents client-side scripts (e.g., JavaScript) from reading the cookie, which limits the impact of cross-site scripting (XSS) vulnerabilities on it.
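The following is an added verification example, not code from the original report or from the audited application. It parses Set-Cookie response headers, reports which cookies lack the Secure and HttpOnly attributes recommended above, and shows the corrected header. The sample headers, cookie values and function names are constructed for illustration; they are not the application's real values.

```python
# Added example: audit Set-Cookie headers for missing Secure / HttpOnly
# attributes and produce the corrected header. Illustrative code only; the
# sample headers and cookie values below are constructed, not captured.
from dataclasses import dataclass, field

# Attributes that carry no value; per RFC 6265 their presence alone matters,
# and attribute names are compared case-insensitively.
FLAG_ATTRIBUTES = {"secure", "httponly"}


@dataclass
class CookieAudit:
    name: str
    attributes: dict = field(default_factory=dict)  # lower-cased attr -> value or True
    missing: list = field(default_factory=list)     # names of absent protective flags

    @property
    def secure(self) -> bool:
        return self.attributes.get("secure") is True

    @property
    def httponly(self) -> bool:
        return self.attributes.get("httponly") is True


def parse_set_cookie(header_value: str) -> CookieAudit:
    """Parse one Set-Cookie header value into its cookie name and attribute map."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, _value = parts[0].partition("=")
    audit = CookieAudit(name=name.strip())
    for attr in parts[1:]:
        if not attr:  # tolerate a trailing ';'
            continue
        key, has_value, value = attr.partition("=")
        key = key.strip().lower()
        # Bare flags (Secure, HttpOnly) and any value-less attribute become True;
        # "Secure=1" style variants are also treated as the flag being present.
        if key in FLAG_ATTRIBUTES or not has_value:
            audit.attributes[key] = True
        else:
            audit.attributes[key] = value.strip()
    return audit


def audit_cookies(set_cookie_headers):
    """Return one CookieAudit per header, recording which flags are missing."""
    results = []
    for header in set_cookie_headers:
        audit = parse_set_cookie(header)
        if not audit.secure:
            audit.missing.append("Secure")
        if not audit.httponly:
            audit.missing.append("HttpOnly")
        results.append(audit)
    return results


def add_flags(header_value: str) -> str:
    """Return the header with Secure and HttpOnly appended where they are absent."""
    audit = parse_set_cookie(header_value)
    fixed = header_value.rstrip().rstrip(";")
    if not audit.secure:
        fixed += "; Secure"
    if not audit.httponly:
        fixed += "; HttpOnly"
    return fixed


# Constructed sample response headers (values are made up, not real tokens).
SAMPLE_HEADERS = [
    "x-cache-context-hash=abc123; Path=/; SameSite=Lax",   # the reported finding
    "session_example=0123456789; Path=/; Secure; HttpOnly",  # correctly flagged
]

if __name__ == "__main__":
    for a in audit_cookies(SAMPLE_HEADERS):
        status = "OK" if not a.missing else "missing " + ", ".join(a.missing)
        print(f"{a.name}: {status}")
    print("corrected:", add_flags(SAMPLE_HEADERS[0]))
```

Run the script against the Set-Cookie headers of a real response (for example, copied from the browser's network inspector) to confirm the fix was deployed; the `add_flags` output is what the corrected header should look like, and is a check rather than a substitute for configuring the flag on the server that issues the cookie.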
Summary: Setting the Secure flag on the x-cache-context-hash cookie ensures that it is only transmitted over encrypted connections, which reduces the risk of interception and improves the overall security posture of the web application.