Authentication Bypass via Session Puzzling
Variants:
Direct
Also Known As:
Session Variable Overloading, Session Poisoning
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Session Management
Invented In:
01/05/2011
Added In:
04/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
An attacker can bypass the authentication enforcement mechanism by accessing application entry points in an abnormal sequence, abusing either hardcoded default session values or several components that rely on the same session attribute for different purposes. A typical case: a password-recovery or registration flow stores the supplied username in the same session attribute that the login handler sets only after verifying credentials, so a protected page that merely checks for the attribute's presence accepts a session in which the recovery flow was started but never completed. Logical session puzzling attacks therefore combine forced browsing in attacker-chosen sequences with hardcoded default session attributes and, in many cases, session poisoning (populating a session attribute with attacker-controlled values through one flow so that another flow trusts it).
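The following is an added example, not code from the original catalog entry or from any real application. It simulates the overloaded-attribute variant in plain Python (no web framework), with constructed users, session keys and handler names: a recovery flow and a login flow both write the `user` session key, a protected page checks only that the key exists, and the attacker skips the rest of the recovery flow and force-browses the protected page. The hardened version below it uses flow-specific keys, an explicit authentication marker set only after credential verification, and clears stale flow state at login.

```python
# Added example, not from the original page. All users, keys and handler
# names are constructed for illustration; a dict stands in for the
# server-side session object so the code runs offline.

USERS = {"alice": {"password": "correct horse", "email": "alice@example.invalid"}}

# ---------------------------------------------------------------- vulnerable

def vuln_login(session, username, password):
    """Login handler: sets 'user' in the session after verifying credentials."""
    user = USERS.get(username)
    if user and user["password"] == password:
        session["user"] = username
        return "ok"
    return "denied"


def vuln_password_recovery_step1(session, username):
    """Step 1 of a multi-step recovery flow. It writes the *same* session
    attribute the login handler uses, before any proof of identity."""
    if username in USERS:
        session["user"] = username      # overloaded attribute: the puzzle piece
        return "security-question"
    return "unknown-user"


def vuln_account_page(session):
    """Protected page: authorization relies only on the presence of 'user'."""
    if "user" in session:
        return f"account of {session['user']}"
    return "redirect:/login"


def puzzle_attack(target="alice"):
    """Attacker starts recovery for the victim's username, then force-browses
    the protected page without finishing the flow or knowing any password."""
    session = {}
    vuln_password_recovery_step1(session, target)
    return vuln_account_page(session)   # returns "account of alice"

# ---------------------------------------------------------------- hardened

def safe_login(session, username, password):
    """Authenticates, discards state left by other flows, then sets an
    explicit marker that only this handler ever writes."""
    user = USERS.get(username)
    if user and user["password"] == password:
        session.clear()
        session["auth_user"] = username
        session["auth_complete"] = True
        return "ok"
    return "denied"


def safe_password_recovery_step1(session, username):
    """Uses a flow-specific attribute and records which step was reached,
    so recovery state can never be mistaken for an authenticated session."""
    if username in USERS:
        session["recovery_user"] = username
        session["recovery_step"] = 1
        return "security-question"
    return "unknown-user"


def safe_account_page(session):
    """Requires the authentication marker, not just any identity-bearing key."""
    if session.get("auth_complete") is True and "auth_user" in session:
        return f"account of {session['auth_user']}"
    return "redirect:/login"


def puzzle_attack_hardened(target="alice"):
    """Same access sequence against the hardened handlers."""
    session = {}
    safe_password_recovery_step1(session, target)
    return safe_account_page(session)   # returns "redirect:/login"


if __name__ == "__main__":
    print("vulnerable:", puzzle_attack())
    print("hardened:  ", puzzle_attack_hardened())
```

The hardened handlers show the two controls that matter here: distinct, purpose-named session attributes per flow, and an authorization check that tests for a marker written only by the credential-verifying code path. Clearing the session at login additionally prevents attributes poisoned by an earlier flow from surviving into the authenticated session. Enforcing the step order inside each multi-step flow (for example, refusing step 2 unless `recovery_step` is 1) closes the forced-browsing side of the same attack.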