Acunetix found a cookie which looks like a cookie with a signature (MAC). Usually, a signature is used to protect against cookie data tampering. It's very important that an attacker doesn't know a value of secret key used to sign a cookie. Your application is using a weak/known secret key and Acunetix managed to guess this key.


Change the value of secret used with HMAC to a long random string.


Related Vulnerabilities