This CWE entry discusses the vulnerability when setting the SameSite attribute of a sensitive cookie to 'Lax'. It explains the risk of CSRF attacks and limitations in protection.

CWE-1345: Broken Access Control: Weaknesses in OWASP Top Ten (2021)

CWE-1396: Improper Access Control

Learn about CWE-1275, where setting the SameSite attribute of a sensitive cookie to 'Lax' can expose to CSRF attacks. Understand the defense limitations and potential risks involved.

CWE-1275: Sensitive Cookie with SameSite 'Lax' Attribute May Be Vulnerable to CSRF Attacks

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CWE-1275: Sensitive Cookie with SameSite 'Lax' Attribute May Be Vulnerable to CSRF Attacks

Is your System Free of Underlying Vulnerabilities? Find Out Now

Is your System Free of Underlying Vulnerabilities?
Find Out Now