CAPEC Related Weakness
Session Fixation
CWE-361 7PK - Time and State
CWE-384 Session Fixation
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource
Cross Site Request Forgery
CWE-306 Missing Authentication for Critical Function
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
CWE-732 Incorrect Permission Assignment for Critical Resource
Exploitation of Trusted Credentials
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290 Authentication Bypass by Spoofing
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-664 Improper Control of a Resource Through its Lifetime
Session Credential Falsification through Forging
CWE-384 Session Fixation
CWE-664 Improper Control of a Resource Through its Lifetime
Reusing Session IDs (aka Session Replay)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-290 Authentication Bypass by Spoofing
CWE-294 Authentication Bypass by Capture-replay
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-488 Exposure of Data Element to Wrong Session
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-664 Improper Control of a Resource Through its Lifetime
CWE-732 Incorrect Permission Assignment for Critical Resource