PT-2022-21459 · Wwbn · Wwbn Avideo

Claudio Bozzato · Published 2022-08-22 · Updated 2022-08-24 · CVE-2022-32777

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

WWBN AVideo version 11.6

Description

An information disclosure issue exists in the cookie functionality. The session cookie and the pass cookie lack the HttpOnly flag, which makes them accessible via JavaScript. The session cookie also lacks the Secure flag, which allows it to be leaked over non-HTTPS connections. This could enable an attacker to steal the session cookie via crafted HTTP requests.

Recommendations

For WWBN AVideo version 11.6, consider setting the HttpOnly and Secure flags for the session cookie to prevent it from being accessed via JavaScript and leaked over non-HTTPS connections. As a temporary workaround, restrict access to sensitive information that could be compromised by a stolen session cookie until a patch is available.
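
One way to verify the recommendation on a deployment, as an added example that is not part of the original advisory or of AVideo's code: a Python check that parses `Set-Cookie` response headers and reports which watched cookies lack HttpOnly or Secure. The cookie names `PHPSESSID` and `pass` and all header values are assumptions, constructed as sample data.

```python
# Added example: audit Set-Cookie headers for the two flags the advisory names.
# Cookie names and header values below are constructed, not captured from AVideo.

REQUIRED_FLAGS = ("httponly", "secure")
WATCHED = {"PHPSESSID", "pass"}  # assumed names for the session and pass cookies

def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; values such as Expires dates are ignored.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit(headers, watched=WATCHED):
    """Map each watched cookie to the sorted required flags missing from any of its headers."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if name not in watched:
            continue
        missing = {f for f in REQUIRED_FLAGS if f not in attrs}
        if missing:
            findings[name] = sorted(missing | set(findings.get(name, [])))
    return findings

# Constructed sample matching the description: the session cookie lacks both
# flags, the pass cookie lacks HttpOnly only.
SAMPLE_BEFORE = [
    "PHPSESSID=abc123; path=/",
    "pass=0123abcd; expires=Wed, 21 Sep 2022 10:00:00 GMT; Max-Age=2592000; path=/; secure",
    "lang=en; path=/",
]

# Constructed sample of the same cookies after the flags are set.
SAMPLE_AFTER = [
    "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax",
    "pass=0123abcd; path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(sample))
```

Feed it the `Set-Cookie` values from a login response fetched over both HTTP and HTTPS; an empty result means every watched cookie carried both flags.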

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers: CVE-2022-32777

Affected Products: Wwbn Avideo