Prerequisites
The victim's browser is not configured to reject all cookies.
The victim visits a website that serves the attackers' evercookie.
Resources Required
Evercookie source code
Mitigations
Design: Browser design needs to be changed to limit where cookies can be stored on the client side, to provide an option to clear these cookies in all places, and to provide another option to stop these cookies from being written in the first place.
Design: Safari browser's private browsing mode is currently effective against evercookies.
Related Weaknesses
CWE-ID | Weakness Name |
 | Exposure of Private Personal Information to an Unauthorized Actor: The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
References
REF-401: Samy Kamkar. Evercookie. http://samy.pl/evercookie/
Submission
Name | Organization | Date | Release Date |
CAPEC Content Team | The MITRE Corporation | 2014-06-23 +00:00 | |
Modifications
Name | Organization | Date | Comment |
CAPEC Content Team | The MITRE Corporation | 2015-12-07 +00:00 | Updated Description Summary, Related_Attack_Patterns |
CAPEC Content Team | The MITRE Corporation | 2020-12-17 +00:00 | Updated Mitigations |
CAPEC Content Team | The MITRE Corporation | 2022-02-22 +00:00 | Updated Description, Extended_Description |
CAPEC Content Team | The MITRE Corporation | 2022-09-29 +00:00 | Updated Taxonomy_Mappings |