Linkedin SSL vulnerability leaves accounts open to hacking
He said that even if you change the password and all settings, the old cookie will be valid and will grant the attacker access to your account.
One of the problems is the availability of cookies sent in plain text over unencrypted channels of communication, posted Narang. He said this is due to SSL cookies not having a secure flag set, as well as appearing to contain session tokens.
The link for this article located at The Inquirer is no longer available.