Standardlikelihood: Mediumseverity: MediumDraft

CAPEC-196Session Credential Falsification through Forging

Abstraction
Standard
Status
Draft
Likelihood
Medium
Severity
Medium

Description

An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.

Related weaknesses· 2

CWE-384CWE-664

MITRE ATT&CK crosswalk· 3

T1134.002: Access Token Manipulation: Create Process with TokenT1134.003: Access Token Manipulation: Make and Impersonate TokenT1606: Forge Web Credentials

Related attack patterns· 3

CAPEC-384 (CanPrecede)CAPEC-61 (CanPrecede)CAPEC-21 (ChildOf)

Exploits2

TypeTargetConfidenceTier
WeaknessImproper Control of a Resource Through its Lifetimecwe-664100%live
WeaknessSession Fixationcwe-384100%live

Related to3

TypeTargetConfidenceTier
SubTechniqueMake and Impersonate Tokent1134.003100%live
SubTechniqueCreate Process with Tokent1134.002100%live
TechniqueForge Web Credentialst1606100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Session Credential Falsification through Manipulation
CAPEC
Session Credential Falsification through Prediction
CAPEC
Identity Spoofing
CAPEC
Session Fixation
CAPEC
Session Sidejacking
CAPEC
Authentication Abuse
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.