Exposure of Sensitive Information Due to Incompatible Policies in sergix44/xbackbone
Jul 30th 2021
According to OWASP:
The secure attribute is an option that can be set by the application server when sending a new cookie to the user within an HTTP Response. The purpose of the secure attribute is to prevent cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.
Cookies in your application do not set the secure attribute, so an attacker performing a man-in-the-middle attack on an untrusted network can easily steal your users' credentials.
This vulnerability can be used to take control of a user's account.
https://owasp.org/www-community/controls/SecureCookieAttribute
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies