Detailedlikelihood: Highseverity: HighDraft
CAPEC-60Reusing Session IDs (aka Session Replay)
Abstraction
Detailed
Status
Draft
Likelihood
High
Severity
High
Description
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
Metadata: detailed CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-294, CWE-290, CWE-346, CWE-384, CWE-488 (and 5 more). Mapped ATT&CK techniques: [object Object], [object Object]. Related CAPEC pattern: [object Object].
Related weaknesses· 10
MITRE ATT&CK crosswalk· 2
Related attack patterns· 1
Exploits10
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of a Resource Through its Lifetimecwe-664 | 100% | live |
| Weakness | Improper Authorizationcwe-285 | 100% | live |
| Weakness | Authentication Bypass by Spoofingcwe-290 | 100% | live |
| Weakness | Use of Persistent Cookies Containing Sensitive Informationcwe-539 | 100% | live |
| Weakness | Session Fixationcwe-384 | 100% | live |
| Weakness | Incorrect Permission Assignment for Critical Resourcecwe-732 | 100% | live |
| Weakness | Origin Validation Errorcwe-346 | 100% | live |
| Weakness | Authentication Bypass by Capture-replaycwe-294 | 100% | live |
| Weakness | Exposure of Data Element to Wrong Sessioncwe-488 | 100% | live |
| Weakness | Exposure of Sensitive Information to an Unauthorized Actorcwe-200 | 100% | live |
Related to2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Token Impersonation/Theftt1134.001 | 100% | live |
| SubTechnique | Web Session Cookiet1550.004 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.