A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the requireSSL attribute, potentially compromising session security and authentication state.
Weakness
The Secure attribute for sensitive cookies in HTTPS sessions is not set.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xperience | Kentico | * | 13.0.164 (including) |