- Type: Change Request
- Status: Closed
- Priority: Medium
- Resolution: Done
- Component/s: BenAdmin
- Labels: None
- Module: BenAdmin - Security
- Reported by: Support
- Item State: Production Complete - Closed
- Issue Importance: Must Have
Vulnerability Description
The Secure attribute is not set on sensitive cookies issued during HTTPS sessions. Without it, a browser will also send these cookies in plaintext over an HTTP connection to the same host.
Impact
A session identifier or other sensitive information can be leaked outside of the encrypted channel. An attacker positioned on the network can sniff or intercept the cookie; once the session identifier is compromised, the attacker can present it to the application and act as the victim.
Verification and Attack Information
During an application walkthrough, Praetorian noted that the Secure flag was not set on the session cookies. Praetorian demonstrated the risk by making a request to the HTTP version of the site while authenticated, which simulates an authenticated user navigating to workterra.net via an HTTP URL. The browser included the session cookie in that plaintext request, which would allow an attacker suitably positioned on the network to capture it.
Recommendation
As part of best practice, all cookies should be marked with the Secure flag when they are initially set in the user's browser, so that the browser only transmits them over HTTPS.
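The following is an added example, not code from the ticket or from the BenAdmin application, covering both the check described under Verification and the fix in the Recommendation: it parses Set-Cookie header values, reports sensitive cookies that lack the Secure (and HttpOnly) attribute, and produces the hardened header form. The sample headers, cookie names and the list of "sensitive" name markers are constructed for the example; it audits headers statically rather than replaying a live HTTP request as Praetorian did.

```python
# Added example: audit Set-Cookie headers for the Secure attribute and emit a hardened form.
# Cookie names, values and the SENSITIVE_MARKERS list below are constructed assumptions.

# Name fragments that suggest a cookie carries session or authentication state (assumption).
SENSITIVE_MARKERS = ("session", "auth", "token", "sid")


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs).

    attrs maps lower-cased attribute names to their value, or True for
    flag attributes such as Secure and HttpOnly that carry no value.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def is_sensitive(cookie_name):
    """Heuristic: treat cookies whose name mentions session/auth state as sensitive."""
    lowered = cookie_name.lower()
    return any(marker in lowered for marker in SENSITIVE_MARKERS)


def audit_cookies(set_cookie_headers):
    """Return [(cookie_name, [missing attributes])] for sensitive cookies lacking Secure/HttpOnly.

    Attribute matching is case-insensitive, as browsers treat attribute names.
    """
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if not is_sensitive(name):
            continue
        missing = []
        if "secure" not in attrs:
            missing.append("Secure")
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        if missing:
            findings.append((name, missing))
    return findings


def harden_set_cookie(header):
    """Return the header with Secure and HttpOnly appended if absent; other attributes are kept."""
    _, _, attrs = parse_set_cookie(header)
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if "secure" not in attrs:
        parts.append("Secure")
    if "httponly" not in attrs:
        parts.append("HttpOnly")
    return "; ".join(parts)


# Constructed sample headers: one session cookie with no protective flags, one with
# HttpOnly only, one fully hardened, and one non-sensitive preference cookie.
CONSTRUCTED_HEADERS = [
    "SessionId=abc123; Path=/",
    "auth_token=xyz789; Path=/; HttpOnly",
    "csrf_token=q1w2e3; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/; Max-Age=31536000",
]

if __name__ == "__main__":
    for cookie, missing in audit_cookies(CONSTRUCTED_HEADERS):
        print(f"{cookie}: missing {', '.join(missing)}")
    for header in CONSTRUCTED_HEADERS:
        print("hardened:", harden_set_cookie(header))
```

Running the block reports SessionId (missing Secure and HttpOnly) and auth_token (missing Secure) and prints each header in its hardened form. Setting Secure alone prevents the browser from sending the cookie over HTTP; it does not stop an HTTP request from being made in the first place, so an HTTPS redirect or HSTS on the site is the usual complement.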
References
https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)
https://www.owasp.org/index.php/SecureFlag