CAPEC-226: Session Credential Falsification through Manipulation

Abstraction
Detailed
Status
Draft
Severity
Medium

Description

An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection, or one legitimately issued to the attacker, in order to gain access to a target server. The attack succeeds when the server treats the contents of the credential (for example a user ID or role stored in a cookie) as trustworthy without checking its integrity (CWE-565, CWE-472).
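The following is an added example, not code from MITRE CAPEC or from this page. It shows the pattern end to end: a server that stores the user's role in the session cookie and trusts it on every request (the CWE-565 / CWE-472 case), the attacker rewriting role=user to role=admin in a captured cookie, and a hardened issuer that binds the cookie body to an HMAC tag under a server-only key so the same manipulation is rejected. The key, user names and cookie layout are all constructed for the example.

```python
"""Session credential manipulation (CAPEC-226): vulnerable vs. hardened cookie.

Constructed example; names, key and cookie layout are assumptions, not
the page's or MITRE's own code.
"""
import base64
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret. In production it comes from a secret store
# and is never sent to the client.
SERVER_KEY = b"example-only-server-key-do-not-reuse"


def parse_fields(body: str) -> dict:
    """Parse 'k=v;k2=v2' into a dict; pairs without '=' are ignored."""
    fields = {}
    for pair in body.split(";"):
        if "=" in pair:
            k, v = pair.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


# ---- vulnerable: the role is stored client-side and trusted as-is ---------

def issue_cookie_vulnerable(user: str, role: str) -> str:
    return f"user={user};role={role}"


def authorize_vulnerable(cookie: str) -> Optional[str]:
    """Role the server will act on. There is no integrity check at all."""
    fields = parse_fields(cookie)
    if "user" not in fields or "role" not in fields:
        return None
    return fields["role"]


# ---- hardened: the body is bound to an HMAC-SHA256 tag under SERVER_KEY ---

def _tag(body: bytes, key: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_cookie_hardened(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    body = f"user={user};role={role}".encode()
    b64 = base64.urlsafe_b64encode
    # '.' is not in the urlsafe base64 alphabet, so it separates body and tag.
    return b64(body).decode() + "." + b64(_tag(body, key)).decode()


def authorize_hardened(cookie: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Verify the tag (constant-time) before trusting anything in the body."""
    try:
        body_b64, tag_b64 = cookie.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # covers binascii.Error and a missing separator
        return None
    if not hmac.compare_digest(tag, _tag(body, key)):
        return None  # manipulated, forged, or signed under a different key
    fields = parse_fields(body.decode(errors="replace"))
    if "user" not in fields or "role" not in fields:
        return None
    return fields["role"]


# ---- attacker: edit one field of a captured cookie ------------------------

def tamper(cookie: str, field: str, new_value: str) -> str:
    """Rewrite one field in a plain 'k=v;...' cookie (what the attacker does)."""
    fields = parse_fields(cookie)
    fields[field] = new_value
    return ";".join(f"{k}={v}" for k, v in fields.items())


def tamper_hardened(cookie: str, field: str, new_value: str) -> str:
    """Edit the body of a signed cookie while keeping the original tag."""
    body_b64, tag_b64 = cookie.split(".", 1)
    body = base64.urlsafe_b64decode(body_b64).decode()
    new_body = tamper(body, field, new_value).encode()
    return base64.urlsafe_b64encode(new_body).decode() + "." + tag_b64


def demo() -> dict:
    """Run both servers against a sniffed-then-edited cookie for user 'bob'."""
    sniffed = issue_cookie_vulnerable("bob", "user")
    signed = issue_cookie_hardened("bob", "user")
    return {
        "vulnerable_grants": authorize_vulnerable(tamper(sniffed, "role", "admin")),
        "hardened_legit": authorize_hardened(signed),
        "hardened_tampered": authorize_hardened(tamper_hardened(signed, "role", "admin")),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_grants': 'admin', 'hardened_legit': 'user', 'hardened_tampered': None}
```

Two caveats a practitioner would want: an integrity tag stops manipulation but not replay or sidejacking of the intact cookie, so the tag should cover an expiry and the cookie should only travel over TLS; and the simpler design that avoids this whole class is an opaque random session ID with all user attributes kept server-side, which is what the CWE-565 mitigation recommends.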

Related weaknesses (2)

CWE-565  Reliance on Cookies without Validation and Integrity Checking
CWE-472  External Control of Assumed-Immutable Web Parameter

Related attack patterns (1)

CAPEC-196  Session Credential Falsification through Forging (ChildOf)

Exploits (2)

Type      Target                                                                   Confidence  Tier
Weakness  External Control of Assumed-Immutable Web Parameter (CWE-472)            100%        live
Weakness  Reliance on Cookies without Validation and Integrity Checking (CWE-565)  100%        live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC  Session Credential Falsification through Forging
CAPEC  Session Fixation
CAPEC  Session Credential Falsification through Prediction
CAPEC  Session Sidejacking
CAPEC  Session Hijacking
CAPEC  Authentication Abuse
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.