Predictable Session Identifier Abuse
Variants:
Direct
Also Known As:
Predictable Session ID, Session Prediction, Session Credential Falsification
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Session Management
Invented In:
01/01/1999
Added In:
24/12/2014
Vector Operation Method:
The session identifier structure is insufficiently complex, enabling attackers to enumerate session identifiers of existing users and impersonate them in front of the application.
