6.0.0-beta1
7/19/25

[#7904] Horde Mail Insecure Cookie Sanitization over HTTPS
Summary Horde Mail Insecure Cookie Sanitization over HTTPS
Queue Horde Base
Queue Version 3.3.3
Type Bug
State Duplicate
Priority 2. Medium
Owners
Requester adi.zerok (at) gmail (dot) com
Created 01/27/2009 (6017 days ago)
Due 01/28/2009 (6016 days ago)
Updated 01/27/2009 (6017 days ago)
Assigned
Resolved 01/27/2009 (6017 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
01/27/2009 07:17:05 PM Chuck Hagenbuch Comment #2
State ⇒ Duplicate		 Reply to this comment
Please keep discussion in one ticket (#7903)
01/27/2009 07:02:07 PM adi (dot) zerok (at) gmail (dot) com Comment #1
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ Horde Mail Insecure Cookie Sanitization over HTTPS
Due ⇒ 01/28/2009
Queue ⇒ Horde Base
Milestone ⇒
Patch ⇒ No		 Reply to this comment
It is possible to send a cookies over HTTP even when HTTPS is 
implemented during insecure state of cookie. The parameters are not 
properly structured in set cookie parameter. On security basis secure 
parameter should be applied in the cookie arguments to prevent the 
transference of cookies over HTTP.



This can be possible to Surf Jacking attacks.








New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers