CAPEC-21: Exploitation of Trusted Identifiers
Abstraction: Meta
Status: Stable
Likelihood: High
Severity: High
Description
Metadata: meta CAPEC pattern, status stable, likelihood high, severity high. Underlying weaknesses: CWE-290, CWE-302, CWE-346, CWE-539, CWE-6 (and 4 more). Mapped ATT&CK techniques: T1539, T1528, T1134.
Exploits (9)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | External Control of Critical State Data (CWE-642) | 100% | live |
| Weakness | Authentication Bypass by Spoofing (CWE-290) | 100% | live |
| Weakness | Use of Persistent Cookies Containing Sensitive Information (CWE-539) | 100% | live |
| Weakness | Improper Control of a Resource Through its Lifetime (CWE-664) | 100% | live |
| Weakness | Authentication Bypass by Assumed-Immutable Data (CWE-302) | 100% | live |
| Weakness | J2EE Misconfiguration: Insufficient Session-ID Length (CWE-6) | 100% | live |
| Weakness | Origin Validation Error (CWE-346) | 100% | live |
| Weakness | Client-Side Enforcement of Server-Side Security (CWE-602) | 100% | live |
| Weakness | Session Fixation (CWE-384) | 100% | live |
Related to (3)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Steal Web Session Cookie (T1539) | 100% | live |
| Technique | Steal Application Access Token (T1528) | 100% | live |
| Technique | Access Token Manipulation (T1134) | 100% | live |