CAPEC Related Weakness
Session Credential Falsification through Forging
CWE-361
CWE-384
CWE-664 Improper Control of a Resource Through its Lifetime
Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290 Authentication Bypass by Spoofing
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-346 Origin Validation Error
CWE-384
CWE-539 Information Exposure Through Persistent Cookies
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-664 Improper Control of a Resource Through its Lifetime
Reusing Session IDs (aka Session Replay)
CWE-200 Information Exposure
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-294 Authentication Bypass by Capture-replay
CWE-346 Origin Validation Error
CWE-384
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Information Exposure Through Persistent Cookies
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Session Fixation
CWE-361
CWE-384
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Cross Site Request Forgery (aka Session Riding)
CWE-306 Missing Authentication for Critical Function
CWE-352
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-716
CWE-732 Incorrect Permission Assignment for Critical Resource