|Name ||Manipulating User State |
|Summary ||An attacker modifies state information maintained by the target software in user-accessible locations. If successful, the target software will use this tainted state information and execute in an unintended manner.
State management is an important function within an application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart.
Manipulating user state can be employed by an attacker to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits. |
|Prerequisites || |
|Solutions ||Do not rely solely on user-controllable locations, such as cookies or URL parameters, to maintain user state
Do not store sensitive information, such as usernames or authentication and authorization information, in user-controllable locations.
At all times sensitive information that is part of the user state must be appropriately protected to ensure confidentiality and integrity at each request |
|CWE ID ||Description |
|CWE-315 ||Cleartext Storage of Sensitive Information in a Cookie |
|CWE-353 ||Missing Support for Integrity Check |
|CWE-371 || |
|CWE-372 ||Incomplete Internal State Distinction |
|CWE-693 ||Protection Mechanism Failure |