[Discover Existing Session Token] Through varrying means, an adversary will discover and store an existing session token for some other authenticated user session.
[Insert Found Session Token] The attacker attempts to insert a found session token into communication with the targeted application to confirm viability for exploitation.
[Session Token Exploitation] The attacker leverages the captured session token to interact with the targeted application in a malicious fashion, impersonating the victim.
Weakness Name | |
---|---|
Improper Authentication When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Examples-Instances, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit | |
CAPEC Content Team | The MITRE Corporation | Updated Description, Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated References, Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings | |
CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Taxonomy_Mappings |