CWE: 614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute)
This call to javax.servlet.http.HttpServletResponse.addCookie() adds a cookie to the HTTP response that does not have the Secure attribute set. Failing to set this attribute allows the browser to send the cookie unencrypted over an HTTP session. Set the Secure attribute for all cookies used by HTTPS sessions. References: CWE, OWASP
https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/blob/2add22ec1b5a85a51e5134a9af33bf2e99488d44/com/veracode/verademo/utils/UserFactory.java#L91-L101
Filename: com/veracode/verademo/utils/UserFactory.java
Line: 96