2 matches found
Ed: Session cookie missing SecureFlag on git.edoverflow.com.
Assigned to: ED; Assigned by: Kirtikumar Anandrao Ramchandani; Assigned on: 01/05/2018; Bug overview: Session Cookie without secure flag. Cookie Name: gitlabsession; Description: Risk description: Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel...
Insecure Cookies
github.com/sensu/uchiwa doesn't use correctly secured cookies for sensitive information. The SecureFlag is currently not being set in the AuthenticationToken and the XSRF-Token cookies. This allows attackers to observe the cookies as they are sent in plaintext...