General Information

Client Controlled Multiphase Process State Flags Manipulation

Variants:
Direct Persistent Session 

Also Known As:
Flow Bypass via Parameter Tampering

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Secure Design

Invented In:
01/02/2000

Added In:
25/12/2014


Vector Operation Method:
Attackers can ignore the enforcement of phases in a multiphase processes by manipulating state flags originating from the client-side, in processes such as password recovery, multiphase transactions, etc.


Direct Variant:

Client Controlled Multiphase Process State Flags Manipulation

Variant Title:
Client Controlled Multiphase Process State Flags Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Persistent Variant:

Stored Client Controlled Multiphase Process State Flags Manipulation

Also Known As:
Persistent Multiphase Process State Flags Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Multiphase Client Controlled Process State Flags Manipulation via Session Poisoning

Variant Title:
Multiphase Client Controlled Process State Flags Manipulation via Session Poisoning

Typical Severity:
Major

Resources:

White Papers:

Learn More: