k Development Mailing List (not for usage questions)"
>
> Sent: Monday, March 2, 2015 4:09:06 PM
> Subject: [openstack-dev] [OSSN 0044] Older versions of noVNC allow session
> theft
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Older versions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Older versions of noVNC allow session theft
- ---
### Summary ###
Commonly packaged versions of noVNC allow an attacker to hijack user
sessions even when TLS is enabled. noVNC fails to set the secure flag
when setting cookies containing an authenticat