1. Athena Session Cookie Security Flaw: Secure Flag Missing, Session Tokens Exposed Over HTTP
A critical security misconfiguration in the Athena platform exposes user session tokens to potential interception. The platform's primary authentication cookie, 'athena-session', and its OAuth2 state cookie are being set without the mandatory 'Secure' flag. This omission means that if any part of the application flow o...
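A check for the condition described above, as an added example that is not part of the original report or of Athena's code. It parses `Set-Cookie` header values, reports sensitive cookies issued without `Secure`, and shows the corrected header. The sample headers are constructed, and the OAuth2 state cookie name is a placeholder because the report does not name it.

```python
# Added example: flag session cookies issued without the Secure attribute.
# The headers below are constructed sample data, not captured Athena traffic.
SENSITIVE = {"athena-session", "oauth2-state-placeholder"}  # 2nd name assumed

SAMPLE_HEADERS = [
    "athena-session=s3ss10n; Path=/; HttpOnly; SameSite=Lax",
    "oauth2-state-placeholder=Secure-looking; Path=/oauth2; HttpOnly",
    "theme=dark; Path=/",
    "athena-session=s3ss10n; Path=/; HttpOnly; secure; SameSite=Lax",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def missing_secure(headers, sensitive=SENSITIVE):
    """Names of sensitive cookies set without Secure, in header order."""
    flagged = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        # Attribute names are case-insensitive; the cookie value is ignored,
        # so a value that merely contains "Secure" does not count.
        if name in sensitive and "secure" not in attrs:
            flagged.append(name)
    return flagged

def harden(header):
    """Return the header with Secure appended when it is absent."""
    _, attrs = parse_set_cookie(header)
    return header if "secure" in attrs else header.rstrip("; ") + "; Secure"

if __name__ == "__main__":
    for name in missing_secure(SAMPLE_HEADERS):
        print(f"{name}: no Secure attribute, browser will send it over http://")
    assert missing_secure([harden(h) for h in SAMPLE_HEADERS]) == []
```

A plain substring search for "Secure" would wrongly pass the second sample header, which is why the check looks only at parsed attributes.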