SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session
SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
Each cookie should be carefully reviewed to determine if it contains sensitive data or is relied upon for a security decision. If possible, ensure all communication occurs over an encrypted channel and add the secure attribute to all session cookies or any cookies containing sensitive data.
Web Application Cookies Not Marked Secure
SKYWORTH
SKYWORTH GN542VF - Hardware Version 2.0 and Software Version 2.0.0.16
Web Application Cookies of SKYWORTH GN542VF.
Local
true
This means the cookie could potentially be stolen by an attacker who can successfully intercept and decrypt the traffic, or following a successful man-in-the-middle attack.
Jiraput Thamsongkrah