Description

The system does not set the Secure attribute for sensitive cookies, which could cause them to be sent through an insecure channel.

Impact

Obtain sensitive information by performing a MiTM attack.

Recommendation

The application must set the Secure attribute in the cookies with sensitive information.

Threat

Unauthorized attacker from adjacent network performing a MitM.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

Fixes