Pcs · Pcs · CVE-2015-1848
**Name of the Vulnerable Software and Affected Versions**
PCS versions 0.9.137 and earlier
**Description**
The pcs daemon (pcsd) in PCS does not set the Secure flag on a cookie in an HTTPS session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an HTTP session.
**Recommendations**
For versions 0.9.137 and earlier, consider updating to a version that sets the Secure flag for cookies in HTTPS sessions to prevent interception. As a temporary workaround, restrict access to sensitive operations that rely on the secure transmission of cookies until a patch is available.