1 Apr 21, 2008 22:32
My b2evolution Version: Not Entered
ScanAlert informed us about a vulnerability classified as level 2 (low) risk. However, we would like to fix it. It seems that b2evolution is sending a persistent cookie to our visitors' computers without encryption. Does somebody know why this software would need to send this kind of cookie? Session control, for instance? And how can we fix it? If there is not a good reason to transmit a persistent cookie, we would prefer to avoid it.