Description:
Clarity cookies are not secured even when the HTTPS communication method is chosen. This is a potential security vulnerability within Clarity itself.
Environments tested:
Security scans are detecting the following behavior:
Cookies are being sent over an unsecured channel, and/or the content of the cookies sent over unsecured channels is not encrypted, even for an SSL-negotiated connection. The recommendation from most scans is to set the HttpOnly and Secure flags, meaning the cookie would only be sent over HTTPS connections.
Release: ESPCLA99000-12.1-Clarity-Extended Support Plus
Component:
Solution:
WORKAROUND:
No workaround is available at this time for the absence of the secure session cookie.
STATUS/RESOLUTION:
Resolved in Clarity 13.2
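To confirm the scan finding, or that it no longer appears after upgrading, the Set-Cookie headers returned over HTTPS can be checked for the two flags. The script below is an added example, not vendor code; the cookie names and values in it are constructed for illustration.

```python
"""Audit Set-Cookie header values for the Secure and HttpOnly attributes."""

# Constructed sample headers; names and values are placeholders, not Clarity's.
SAMPLE_HEADERS = [
    "example_session=abc123; Path=/",
    # The value contains the words, but the attributes themselves are absent/partial.
    "example_token=secure_httponly_value; Path=/; HttpOnly",
    # Attribute names are case-insensitive.
    "example_pref=1; Path=/; secure; HTTPONLY",
    "example_ok=1; Path=/; Secure; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(header):
    """Return (cookie name, set of lowercased attribute names) for one header value."""
    parts = header.split(";")
    # The first segment is always name=value; everything after it is an attribute.
    name = parts[0].split("=", 1)[0].strip()
    attrs = set()
    for part in parts[1:]:
        attr_name = part.split("=", 1)[0].strip().lower()
        if attr_name:
            attrs.add(attr_name)
    return name, attrs


def audit_cookies(headers, required=("secure", "httponly")):
    """Return {cookie name: [missing flags]} for cookies lacking a required flag."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for cookie, missing in audit_cookies(SAMPLE_HEADERS).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

Matching on parsed attribute names rather than searching the raw header avoids a false pass when a cookie value happens to contain the word "secure".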
Keywords: CLARITYKB, CLRT-66212, clarity13resolved, clarity132resolved.