Clarity cookies are not secured even when the HTTPS communication method is chosen. This is a potential security vulnerability within Clarity itself.
Security scans are detecting the following behavior:
Cookies are being sent over an unsecured channel, and/or the content of the cookies sent over the unsecured channel is not encrypted, even for an SSL-negotiated connection. The recommendation from most scans is to set the HTTP-Only and Secure flags, meaning the cookie would only be sent via HTTPS connections.
No workaround is available at this time for the absence of the secure session cookie.
Resolved in Clarity 13.2
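The check the scans describe can be reproduced against a captured response, for instance to confirm the flags after upgrading. The following is an added example, not part of the original article or the product: it reads an HTTP response header block and lists each cookie that lacks the Secure or HttpOnly attribute. The cookie names and the sample response are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the Secure and HttpOnly attributes.

REQUIRED = ("secure", "httponly")  # attribute names compare case-insensitively

def cookies_from_response(raw):
    """Return the Set-Cookie values found in the header block of a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop the body
    values = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only the parts after the name=value pair are attributes.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_cookies(set_cookie_values):
    """Return {cookie name: [missing required attributes]} for non-compliant cookies."""
    findings = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        missing = [a for a in REQUIRED if a not in attrs]
        if missing:
            findings[name] = missing
    return findings

# Constructed sample response; names and values are illustrative only.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionId=abc123; Path=/\r\n"
    "Set-Cookie: prefs=lang%3Den; Path=/; secure\r\n"
    "set-cookie: token=xyz; Path=/; HTTPONLY; Max-Age=3600\r\n"
    "Set-Cookie: ok=1; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html>Set-Cookie: body=ignored</html>"
)

if __name__ == "__main__":
    for cookie, missing in audit_cookies(cookies_from_response(SAMPLE_RESPONSE)).items():
        print(f"{cookie}: missing {', '.join(missing)}")
```

An empty result means every cookie in the response carries both flags.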
Keywords: CLARITYKB, CLRT-66212, clarity13resolved, clarity132resolved.
Release: ESPCLA99000-12.1-Clarity-Extended Support Plus