A threat actor may trick a user into logging in with a session identifier the attacker already knows (session fixation). After the user logs in, the attacker presents that same session identifier and is treated as the authenticated user, gaining access to the user's account.
- Threat actor visits the vulnerable website without logging in and obtains a valid session identifier from it
- Threat actor tricks the victim into logging into the vulnerable website while presenting that session identifier (for example, through a link that carries the identifier in a URL parameter)
- Threat actor reuses the same session identifier, which the site did not replace at login, to gain unauthorized access to the victim's account
Vary
- Gain unauthorized access
- Identity confirmation
- Regenerate the session id at authentication (and on any change of privilege), invalidating the pre-login id so that an attacker-planted id never becomes an authenticated session
- Time out idle and old sessions and issue a fresh id rather than reviving an expired one
- Store session ids only in HTTP cookies (never in URLs or form fields), with the Secure and HttpOnly attributes set
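The attack steps and mitigations above, as an added example that is not part of the original page: a minimal in-memory session store with a deliberately vulnerable login that keeps whatever id the client presents, beside a fixed login that discards the pre-login id and mints a new one, plus an idle timeout. The store, the method names, and the `sid` cookie name are assumptions made for illustration; no real framework is involved.

```python
"""Session fixation: vulnerable login vs. login that regenerates the session id.

Added, self-contained example; the SessionStore class and its method
names are invented for illustration and are not any framework's API.
"""
import secrets
import time


class SessionStore:
    """Server-side session table: sid -> {"user": str | None, "last_seen": float}."""

    def __init__(self, idle_timeout: float = 900, now=time.time):
        self._sessions: dict = {}
        self.idle_timeout = idle_timeout
        self._now = now  # injectable clock so the timeout can be tested offline

    def new_session(self) -> str:
        """Issue an anonymous (pre-login) session with an unguessable id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def _lookup(self, sid: str):
        """Return the live session for sid, expiring it if idle too long."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._now() - s["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # timed out: never revive an old id
            return None
        s["last_seen"] = self._now()
        return s

    def current_user(self, sid: str):
        s = self._lookup(sid)
        return s["user"] if s else None

    def login_vulnerable(self, sid: str, user: str) -> str:
        """Fixation bug: authenticates the session id the client presented,
        so an id the attacker obtained earlier becomes the victim's session."""
        s = self._lookup(sid)
        if s is None:
            raise ValueError("unknown session id")
        s["user"] = user
        return sid  # same id before and after authentication

    def login_fixed(self, sid: str, user: str) -> str:
        """Mitigation: invalidate the pre-login id and issue a fresh one."""
        self._sessions.pop(sid, None)
        new_sid = self.new_session()
        self._sessions[new_sid]["user"] = user
        return new_sid  # client must be sent this id in a Set-Cookie header


def session_cookie_header(sid: str) -> str:
    """Carry the id in a cookie (not a URL) with the attributes the page recommends."""
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def run_attack(regenerate: bool) -> dict:
    """Play the three attack steps against the chosen login implementation."""
    store = SessionStore()
    attacker_sid = store.new_session()                     # step 1: attacker gets a valid id
    login = store.login_fixed if regenerate else store.login_vulnerable
    victim_sid = login(attacker_sid, "victim")             # step 2: victim logs in with it
    return {
        "attacker_sees": store.current_user(attacker_sid),  # step 3: attacker replays the id
        "victim_sees": store.current_user(victim_sid),
    }


def idle_timeout_demo() -> object:
    """An authenticated session that sits idle past the timeout is gone."""
    clock = [1_000.0]
    store = SessionStore(idle_timeout=900, now=lambda: clock[0])
    sid = store.login_fixed(store.new_session(), "alice")
    assert store.current_user(sid) == "alice"
    clock[0] += 901
    return store.current_user(sid)


if __name__ == "__main__":
    print("vulnerable:", run_attack(regenerate=False))  # attacker sees "victim"
    print("fixed:     ", run_attack(regenerate=True))   # attacker sees None
    print("after idle timeout:", idle_timeout_demo())    # None
    print(session_cookie_header(secrets.token_urlsafe(32)))
```

With `login_vulnerable` the id the attacker planted is the id that becomes authenticated, so replaying it returns the victim's account; with `login_fixed` the planted id is deleted at login and the victim's new id never reaches the attacker.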
ecd7744c-83b0-406c-a58d-63d057a5570b