Dark Mode
Capec-593 Detail
Session Hijacking
Standard Software Likelihood: High Typical Severity: Very High
Parents: 21
Children: 60 61 102 107
Threats: T292 T293 T375 T376 T377 T378 T379 T380 T381
Tools: 15
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-593 | capec | https://capec.mitre.org/data/definitions/593.html | |
| CWE-287 | cwe | http://cwe.mitre.org/data/definitions/287.html | |
| T1185 | ATTACK | https://attack.mitre.org/wiki/Technique/T1185 | Browser Session Hijacking |
| T1550.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1550/001 | Use Alternate Authentication Material:Application Access Token |
| T1563 | ATTACK | https://attack.mitre.org/wiki/Technique/T1563 | Remote Service Session Hijacking |
| OWASP Attacks | https://owasp.org/www-community/attacks/Session_hijacking_attack | Session hijacking attack | |
| REF-603 | reference_from_CAPEC | https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/06-Session_Management_Testing/09-Testing_for_Session_Hijacking.html | OWASP Web Security Testing Guide, The Open Web Application Security Project (OWASP) |
Explore
-
Discover Existing Session Token: Through varrying means, an adversary will discover and store an existing session token for some other authenticated user session.
Experiment
-
Insert Found Session Token: The attacker attempts to insert a found session token into communication with the targeted application to confirm viability for exploitation.
Exploit
-
Session Token Exploitation: The attacker leverages the captured session token to interact with the targeted application in a malicious fashion, impersonating the victim.
- An application that leverages sessions to perform authentication.
- The adversary must have the ability to communicate with the application over the network.
| Low |
|---|
| Exploiting a poorly protected identity token is a well understood attack with many helpful resources available. |
| Integrity | Availability | Confidentiality |
|---|---|---|
| Gain Privileges (A successful attack can enable an adversary to gain unauthorized access to an application.) | Gain Privileges (A successful attack can enable an adversary to gain unauthorized access to an application.) | Gain Privileges (A successful attack can enable an adversary to gain unauthorized access to an application.) |
Not present