Cookie without “Secure” and “HttpOnly” flag attribute in unilogies/bumsys
Jan 20th 2023
The HttpOnly and Secure attributes are not set for session cookies in the application.
Proof of Concept
@ctflearner, we have already used the HttpOnly flag. But as of development, the line is currently commented out.
And we will add the Secure attribute in the next release.
@khurshid Alam. I would be glad if you could assign a CVE for this.
@admin, can you please assign a CVE for this?
CVE assignment is in the hands of the maintainer, please refrain from tagging admins for this request. Thanks.