HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)

Key Points:

• Observed HTTP requests to a honeypot containing the "X-Vercel-Set-Bypass-Cookie" header, indicating potential attempts to bypass security protections.
• The impact could involve unauthorized access to sensitive information or exploitation of web application vulnerabilities, particularly if misconfigured settings allow for cookie manipulation.
• Recommended actions include monitoring for unusual HTTP headers in traffic, reviewing security configurations related to cookie handling, and validating the use of bypass features in deployment environments.

Technical Details: The "X-Vercel-Set-Bypass-Cookie" header is not documented by Vercel and may be used to relax security settings, potentially exposing secrets stored in cookies. The request was made via an open proxy, suggesting an attempt to obscure the attacker's identity.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned:

• IP Address: 21.235.92.139
• Header: X-Vercel-Set-Bypass-Cookie