CAPEC-61: Session Fixation
ID
CAPEC-61
Typical Severity
High
Likelihood Of Attack
Medium
Status
Draft
The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.
Weaknesses
Taxonomiy Mapping
Type | # ID | Name |
---|---|---|
WASC | 37 | Session Fixation |
OWASP Attacks | Session fixation |