Knowledge Base - Issues
Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.

Cookies Attributes is a vulnerability in Session Management, which is a subcategory of Web and API Security according to the Common Weakness Enumeration (CWE) directory. This vulnerability occurs when the server fails to properly set the attributes of the cookie. This can be due to a lack of proper configuration...
Exposed Session Variables, classified as a Session Management vulnerability in the CWE directory and OWASP Testing Guide, occurs when application or web server environment variables are accessible to users or attackers, potentially exposing sensitive information. This can create a risk of session hijacking and other malicious activities.
Exposure of Data Element to Wrong Session (CWE-384) is a type of vulnerability found in Web and API applications that occurs when the application discloses data elements associated with a particular user session to a different user session. This can occur when the application fails to properly separate user sessions...
Insufficient Session Expiration (CWE-613) is a vulnerability in session management, which is commonly found in web applications and APIs. It occurs when a session is not terminated by the server at the expected time, allowing an attacker to reuse a valid session, thereby bypassing the authentication process. This vulnerability is...
No log out functionality is a type of session management vulnerability (CWE-613) which occurs when web and API applications do not provide a mechanism for users to log out of the system. This can potentially lead to an attacker gaining access to the account of a legitimate user if their...
No session timeout is a vulnerability that falls under the category of Session Management (CWE-613). It occurs when a web or API application fails to have a session timeout, which causes the user's session to remain active indefinitely. This enables attackers to hijack an active session despite the user's...
Session Fixation (CWE-384) is a web security vulnerability that occurs when an attacker forces a user's web browser to authenticate to a web site using a fixed session ID. This type of attack is particularly dangerous as it allows an attacker to hijack a user's authenticated session and gain access...
Session Hijacking is a type of attack that allows a malicious user to gain access to a session between two or more parties, such as a web server and a user. It is classified as a form of Session Management vulnerability, according to the Common Weakness Enumeration (CWE) directory (CWE-384)....
Session Puzzling is a session management vulnerability that occurs in Web and API applications and is categorized in the Common Weakness Enumeration (CWE) directory as CWE-384. It is a type of attack where an attacker can guess session IDs and hijack active sessions, allowing them to access data and services...
Session token does not expire is a vulnerability that occurs when an authentication session token does not expire after a certain period of inactivity. This vulnerability is classified under CWE-613: Insufficient Session Expiration and falls under the category of Session Management (CWE-384). According to the OWASP Testing Guide, this vulnerability...
Session token in URL (CWE-613) is a web and API vulnerability that occurs when an application passes a user's session token in the URL instead of using a secure cookie. This allows malicious users to gain access to the user's session token, which can be used to gain unauthorized access....