Cookie without Secure attribute in usememos/memos
Dec 21st 2022
At the moment, the memos_session cookie is set with its Secure flag set to false.
Proof of Concept
Open the web demo at https://demo.usememos.com/
Use the browser's developer tools to inspect the cookies: the memos_session cookie shows the value false for Secure.
Without the Secure attribute, the browser can send the user's cookies to the server in an unencrypted request over the HTTP protocol. This is not secure.
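The same check the developer tools perform can be scripted. The following is an added example, not code from the memos project: it uses Go's standard net/http package to build a memos_session cookie with and without Secure and to flag Set-Cookie headers that lack the attribute. The helper names sessionCookie and missingSecure, the cookie value, and the other attribute choices are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
)

// sessionCookie builds a session cookie named like the one in the report.
// The value and the other attributes are assumptions for this example,
// not the memos project's code.
func sessionCookie(value string, secure bool) *http.Cookie {
	return &http.Cookie{
		Name:     "memos_session",
		Value:    value,
		Path:     "/",
		HttpOnly: true,
		Secure:   secure, // false reproduces the reported state
		SameSite: http.SameSiteLaxMode,
	}
}

// missingSecure parses raw Set-Cookie header lines and returns the names
// of the cookies that lack the Secure attribute.
func missingSecure(setCookie []string) []string {
	h := http.Header{}
	for _, line := range setCookie {
		h.Add("Set-Cookie", line)
	}
	resp := http.Response{Header: h}
	var names []string
	for _, c := range resp.Cookies() {
		if !c.Secure {
			names = append(names, c.Name)
		}
	}
	return names
}

func main() {
	// Constructed sample headers: the reported state and the corrected one.
	weak := sessionCookie("constructed-session-id", false).String()
	fixed := sessionCookie("constructed-session-id", true).String()
	fmt.Println("weak: ", weak, "->", missingSecure([]string{weak}))
	fmt.Println("fixed:", fixed, "->", missingSecure([]string{fixed}))
}
```

A browser only returns a cookie marked Secure over HTTPS, so the corrected header keeps the session cookie out of plain HTTP requests.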