Description

The system does not set security attributes for sensitive cookies, which could cause them to be sent in plain text or disclosed by unauthorized users on the client side.

Impact

Send plain text session cookies through insecure channels.

Recommendation

The application must set the corresponding security attributes when cookies are generated.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

Fixes