
CAPEC-464: Evercookie

Abstraction: Standard
Status: Draft
Severity: Medium

Description

An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim's machine in over ten places. When the victim clears the cookie cache via traditional means inside the browser, that operation removes the cookie from certain places but not others. The malicious code then replicates the cookie from all of the places where it was not deleted to all of the possible storage locations once again. So the victim again has the cookie in all of the original storage locations. In other words, failure to delete the cookie in even one location will result in the cookie's resurrection everywhere. The evercookie will also persist across different browsers because certain stores (e.g., Local Shared Objects) are shared between different browsers.

Related weaknesses · 1

CWE-359

MITRE ATT&CK crosswalk · 1

T1606.001: Forge Web Credentials: Web Cookies

Related attack patterns · 1

CAPEC-554 (ChildOf)

Exploits · 1

Type | Target | Confidence | Tier
Weakness | Exposure of Private Personal Information to an Unauthorized Actor (cwe-359) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Web Cookies (t1606.001) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Accessing/Intercepting/Modifying HTTP Cookies
CAPEC: Lifting Sensitive Data Embedded in Cache
CAPEC: Cache Poisoning
CAPEC: Cross Site Request Forgery
Technique: Steal Web Session Cookie
CAPEC: Generic Cross-Browser Cross-Domain Theft

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.