qeeqbox/session-hijacking

A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier.

Example #1

  1. Threat actor sniffs network traffic and gets a session identifier
  2. Threat actor uses the same session identifier to gain unauthorized access to a victim's account

Impact

Varies

Risk

  • Gain unauthorized access

Redemption

  • Identity confirmation
  • Regenerate session ids at authentication
  • Timeout and replace old session ids
  • Store ids in HTTP cookies
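As an added illustration of the mitigations above (example code written for this page, not part of the qeeqbox project), a minimal Python session store that issues random ids, regenerates the id at authentication, retires ids after an inactivity timeout, and emits the id only as an HTTP cookie; the HttpOnly, Secure and SameSite attributes and the 15-minute timeout are assumptions, not values the page states.

```python
import secrets
import time

SESSION_TIMEOUT = 15 * 60  # assumed: seconds of inactivity before an id is retired


class SessionStore:
    """In-memory store (constructed example): ids are random, regenerated at
    authentication, and expired on inactivity so an old id cannot be replayed."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be exercised offline
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def _new_id(self):
        # 256 bits from the OS CSPRNG; never derived from user data or time
        return secrets.token_urlsafe(32)

    def create_anonymous(self):
        sid = self._new_id()
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def login(self, old_sid, user):
        # Regenerate at authentication: the pre-login id is discarded, so an id
        # observed before login never becomes an authenticated one.
        self._sessions.pop(old_sid, None)
        sid = self._new_id()
        self._sessions[sid] = {"user": user, "last_seen": self._now()}
        return sid

    def resolve(self, sid):
        # Return the session entry for a presented id, or None if unknown or
        # timed out; a timed-out id is deleted so it cannot be reused later.
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._now() - entry["last_seen"] > SESSION_TIMEOUT:
            del self._sessions[sid]
            return None
        entry["last_seen"] = self._now()
        return entry


def session_cookie_header(sid):
    # Keep the id in an HTTP cookie that script cannot read (HttpOnly), that is
    # sent only over TLS (Secure) and not on cross-site requests (SameSite).
    return f"Set-Cookie: session={sid}; Path=/; HttpOnly; Secure; SameSite=Strict"
```

A real deployment would back the store with a shared database or cache and bind the check to every request, but the three behaviours shown (fresh id at login, expiry of idle ids, cookie-only transport) are the ones the list above asks for.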

ID

3693c458-c1b8-439f-8f0b-c3620c1c0129
