NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel.