The application uses a predictable session ID. Session IDs are how the application tracks users across page requests, using the HTTP state management mechanism defined in RFC 6265. If the method of generating session IDs is predictable, attackers can predict future IDs and use them to gain access to valid user sessions.
Attackers who can predict session IDs can hijack the sessions of multiple users and gain access to their accounts. Once an attacker hijacks a session, they can access sensitive or personal data and potentially change the account password to establish longer-term access to the application.
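The contrast described above, as an added example that is not part of the original page: a counter-based ID generator next to one backed by the operating system's CSPRNG, with a check that flags obvious structure in a sample of issued IDs. All function names and sample values are assumptions constructed for illustration.

```python
import secrets
from itertools import count

_counter = count(1000)  # constructed starting value for the weak generator


def weak_session_id() -> str:
    """Predictable: each ID is simply the previous one plus one."""
    return f"{next(_counter):08d}"


def strong_session_id() -> str:
    """Unpredictable: 128 bits drawn from the operating system's CSPRNG."""
    return secrets.token_hex(16)


def _as_int(session_id: str):
    """Read an ID as a decimal or hex number; None if it is neither."""
    for base in (10, 16):
        try:
            return int(session_id, base)
        except ValueError:
            continue
    return None


def audit_ids(ids: list[str]) -> list[str]:
    """Return findings for a sample of IDs listed in the order they were issued."""
    findings = []
    if len(set(ids)) < len(ids):
        findings.append("duplicate")
    values = [_as_int(s) for s in ids]
    if len(ids) >= 3 and None not in values:
        deltas = [b - a for a, b in zip(values, values[1:])]
        # IDs that only ever rise or fall point to a counter or a timestamp.
        if all(d > 0 for d in deltas) or all(d < 0 for d in deltas):
            findings.append("monotonic")
        if len(set(deltas)) == 1:
            findings.append("constant-step")
    return findings


weak_sample = [weak_session_id() for _ in range(20)]      # constructed sample
strong_sample = [strong_session_id() for _ in range(20)]  # constructed sample
```

An empty result from `audit_ids` only means these simple patterns were not found; it does not prove that the IDs are unpredictable.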