Name | Session Credential Falsification through Manipulation |
Summary | An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. By manually tweaking this cookie, a user might be able to increase their access rights to the server. Alternatively, an attacker may be able to manipulate an existing credential so that they appear to be a different user. This attack differs from falsification through prediction in that the attacker bases the modified credential on an existing credential, instead of using patterns detected in prior credentials to create a new credential that is accepted because it fits the pattern. As a result, an attacker may be able to impersonate other users or elevate their permissions to a targeted service. |
Prerequisites | The targeted application must use session credentials to identify legitimate users. |
Solutions | |
Related Weaknesses |
CWE ID | Description |
CWE-472 | External Control of Assumed-Immutable Web Parameter |
CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
|
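
The cookie case from the summary and the CWE-565 weakness listed above, shown as an added example that is not part of the original entry: a cookie whose access-rights field the server trusts as-is, next to one bound to a server-side HMAC so an edited field is rejected. The field names (`user`, `role`), the function names and the key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo key; a real deployment loads a random secret from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_unsigned(user: str, role: str) -> str:
    """Weak form (CWE-565): the cookie is only encoded fields the client can edit."""
    return _b64(json.dumps({"user": user, "role": role}).encode())

def read_unsigned(cookie: str) -> dict:
    """Trusts whatever the client sends back (CWE-472)."""
    return json.loads(base64.urlsafe_b64decode(cookie))

def issue_signed(user: str, role: str) -> str:
    """Hardened form: payload plus an HMAC-SHA256 tag made with a server-only key."""
    payload = _b64(json.dumps({"user": user, "role": role}).encode())
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"

def read_signed(cookie: str):
    """Returns the claims only if the tag verifies; otherwise None."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; also tolerates non-ASCII garbage in the tag.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def edit_role(payload: str, new_role: str) -> str:
    """Test helper: reproduces the client-side field edit the summary describes."""
    claims = json.loads(base64.urlsafe_b64decode(payload))
    claims["role"] = new_role
    return _b64(json.dumps(claims).encode())

if __name__ == "__main__":
    weak = issue_unsigned("alice", "user")
    print("unsigned, edited:", read_unsigned(edit_role(weak, "admin")))
    payload, tag = issue_signed("alice", "user").rsplit(".", 1)
    print("signed, edited:  ", read_signed(edit_role(payload, "admin") + "." + tag))
```

Signing protects integrity only: the fields remain readable by the client, and a sniffed cookie replayed unmodified still verifies, so transport protection and expiry are separate controls.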