
Ross Golder

#35559 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2019-8967
7.5
2019-02-07
Apache · Apache Guacamole · CVE-2018-1340
**Name of the Vulnerable Software and Affected Versions** Apache Guacamole versions prior to 1.0.0

**Description** The issue concerns the use of a cookie for client-side storage of the user's session token. This cookie lacks the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

**Recommendations** For versions prior to 1.0.0, update to version 1.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the application over unencrypted HTTP to minimize the risk of session token interception.