Name Accessing/Intercepting/Modifying HTTP Cookies
Summary This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form of this attack involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the attacker to impersonate the remote user/session. The third form is when the cookie's content is modified by the attacker before it is sent back to the server. Here the attacker seeks to convince the target server to operate on this falsified information.
Prerequisites Target server software must be a HTTP daemon that relies on cookies.
Solutions Design: Use input validation for cookies Design: Generate and validate MAC for cookies Implementation: Use SSL/TLS to protect cookie in transit Implementation: Ensure the web server implements all relevant security patches, many exploitable buffer overflows are fixed in patches issued for the software.
Related Weaknesses
CWE ID Description
CWE-20 Improper Input Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-311 Missing Encryption of Sensitive Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-384
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Information Exposure Through Persistent Cookies
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-724
Back to Top