CAPEC-60 Metadata
Likelihood of Attack
High
Typical Severity
High
Overview
Summary
This attack targets the reuse of a valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID, previously used during a transaction, to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
Prerequisites
The target host uses session IDs to keep track of the users. Session IDs are used to control access to resources. The session IDs used by the target host are not well protected from session theft.
Execution Flow
Step | Phase | Description | Techniques |
---|---|---|---|
1 | Explore | The attacker interacts with the target host and finds that session IDs are used to authenticate users. | |
2 | Explore | The attacker steals a session ID from a valid user. | |
3 | Exploit | The attacker tries to use the stolen session ID to gain access to the system with the privileges of the session ID's original owner. | |
Potential Solutions / Mitigations
Always invalidate a session ID after the user logs out. Set up a session timeout for session IDs. Protect the communication between the client and server; for instance, it is best practice to use SSL to mitigate adversary-in-the-middle attacks (CAPEC-94). Do not send the session ID with the GET method, otherwise the session ID will be copied into the URL. In general, avoid writing session IDs into URLs: URLs can get logged in log files, which an attacker may be able to read. Encrypt the session data associated with the session ID. Use multifactor authentication.
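As an added illustration of the mitigations above (example code, not part of the CAPEC entry), a minimal server-side session store in Python: logout invalidation, idle and absolute timeouts, ID regeneration, and a cookie header that keeps the ID out of URLs. The timeout lengths, cookie name and class/function names are assumptions.

```python
import secrets
import time

# Constructed example values; the page prescribes a timeout but no specific length.
IDLE_TIMEOUT = 15 * 60          # seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard lifetime regardless of activity
COOKIE_NAME = "sid"


class SessionStore:
    """Server-side session table with the CAPEC-60 mitigations built in."""
    def __init__(self, now=time.time):
        self._sessions = {}  # session ID -> {"user", "created", "last_seen"}
        self._now = now      # injectable clock so tests can advance time

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        t = self._now()
        self._sessions[sid] = {"user": user, "created": t, "last_seen": t}
        return sid

    def validate(self, sid):
        """Owning user, or None if unknown/expired/invalidated (a replayed ID)."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        t = self._now()
        if (t - entry["last_seen"] > IDLE_TIMEOUT
                or t - entry["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]  # expired: drop it so it cannot be replayed
            return None
        entry["last_seen"] = t
        return entry["user"]

    def logout(self, sid):
        """Invalidate server-side; any stolen copy of sid is useless afterwards."""
        return self._sessions.pop(sid, None) is not None

    def rotate(self, sid):
        """Fresh ID after login/privilege change; the old one stops working (CWE-384)."""
        entry = self._sessions.pop(sid, None)
        if entry is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = entry
        return new_sid


def session_cookie(sid):
    """Set-Cookie value: HttpOnly hides it from script, Secure keeps it off plain HTTP."""
    return f"{COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"
```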
Related Weaknesses (CWE)
CWE ID | Description |
---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
CWE-285 | Improper Authorization |
CWE-290 | Authentication Bypass by Spoofing |
CWE-294 | Authentication Bypass by Capture-replay |
CWE-346 | Origin Validation Error |
CWE-384 | Session Fixation |
CWE-488 | Exposure of Data Element to Wrong Session |
CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
CWE-664 | Improper Control of a Resource Through its Lifetime |
CWE-732 | Incorrect Permission Assignment for Critical Resource |
Related CAPECs
CAPEC ID | Description |
---|---|
CAPEC-593 | This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unauthorized access to the application. |
Taxonomy Mappings
Taxonomy: ATTACK