Session Fixation
Description

The application is vulnerable to session fixation. Session fixation occurs when an attacker can set, or “fix”, the session ID a victim will use before the victim authenticates, for example by supplying it in a URL parameter or injecting a cookie. If the application keeps that same session ID after the user logs in, the attacker already knows the identifier of a now-authenticated session and can use it to hijack the victim’s session without capturing credentials or the cookie. The root cause is a session ID that is not regenerated (with the old ID invalidated) when the user authenticates to the application.
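As an added example (not code from the original finding), the following Python models a login handler with the defect beside its corrected form. The in-memory session store, the credential table, the `VulnerableApp`/`HardenedApp` class names and the `attack` simulation are all constructed here for illustration; they are not a real framework's API.

```python
"""Session fixation: a vulnerable login flow beside a hardened one.

Added example, not part of the original finding. The store, users,
app classes and attack simulation are constructed for illustration.
"""
import secrets

# Constructed credential table with a single victim account.
USERS = {"alice": "correct-horse"}


class SessionStore:
    """Minimal in-memory session store keyed by session ID."""

    def __init__(self):
        self.sessions = {}

    def new(self, data=None):
        # Always mint server-side, unguessable IDs.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = dict(data or {})
        return sid


class VulnerableApp:
    """Adopts any client-supplied ID and keeps it across login."""

    def __init__(self):
        self.store = SessionStore()

    def request(self, cookie_sid):
        # Defect 1: an unknown ID presented by the client becomes a valid session.
        if cookie_sid not in self.store.sessions:
            self.store.sessions[cookie_sid] = {}
        return cookie_sid

    def login(self, cookie_sid, username, password):
        sid = self.request(cookie_sid)
        if USERS.get(username) != password:
            return None
        # Defect 2: the pre-auth session ID is reused after authentication.
        self.store.sessions[sid]["user"] = username
        return sid


class HardenedApp:
    """Rejects unknown IDs and regenerates the ID on authentication."""

    def __init__(self):
        self.store = SessionStore()

    def request(self, cookie_sid):
        # Unknown or missing IDs are replaced by a server-issued one.
        if cookie_sid is None or cookie_sid not in self.store.sessions:
            return self.store.new()
        return cookie_sid

    def login(self, cookie_sid, username, password):
        sid = self.request(cookie_sid)
        if USERS.get(username) != password:
            return None
        # Regenerate: invalidate the old ID, carry state into a fresh one.
        state = self.store.sessions.pop(sid)
        state["user"] = username
        return self.store.new(state)


def attack(app):
    """Simulate the attack; returns True if the attacker ends up with
    an authenticated session ID for the victim."""
    # 1. Attacker obtains an ID the server will accept (fixes it).
    fixed_sid = app.request("attacker-chosen-id")
    # 2. Victim is induced to use that ID (URL parameter, injected cookie)
    #    and logs in with valid credentials.
    app.login(fixed_sid, "alice", "correct-horse")
    # 3. Attacker presents the fixed ID; hijack succeeds if it is now
    #    bound to the victim's authenticated session.
    return app.store.sessions.get(fixed_sid, {}).get("user") == "alice"


if __name__ == "__main__":
    print("vulnerable app hijacked:", attack(VulnerableApp()))
    print("hardened app hijacked:  ", attack(HardenedApp()))
```

Note that in the hardened flow the attacker can still obtain a valid pre-authentication ID from the server, so rejecting client-supplied IDs alone is not a fix; the regeneration of the ID at login (and invalidation of the old one) is what defeats the attack.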

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
