| Attack Pattern | Related CWE | CWE Name |
|---|---|---|
| Reusing Session IDs (aka Session Replay) | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| Reusing Session IDs (aka Session Replay) | CWE-285 | Improper Authorization |
| Reusing Session IDs (aka Session Replay) | CWE-290 | Authentication Bypass by Spoofing |
| Reusing Session IDs (aka Session Replay) | CWE-294 | Authentication Bypass by Capture-replay |
| Reusing Session IDs (aka Session Replay) | CWE-346 | Origin Validation Error |
| Reusing Session IDs (aka Session Replay) | CWE-384 | Session Fixation |
| Reusing Session IDs (aka Session Replay) | CWE-488 | Exposure of Data Element to Wrong Session |
| Reusing Session IDs (aka Session Replay) | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| Reusing Session IDs (aka Session Replay) | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Reusing Session IDs (aka Session Replay) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Cross Site Request Forgery | CWE-306 | Missing Authentication for Critical Function |
| Cross Site Request Forgery | CWE-352 | Cross-Site Request Forgery (CSRF) |
| Cross Site Request Forgery | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Cross Site Request Forgery | CWE-716 | OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
| Cross Site Request Forgery | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Cross Site Request Forgery | CWE-1275 | Sensitive Cookie with Improper SameSite Attribute |
| Session Credential Falsification through Forging | CWE-384 | Session Fixation |
| Session Credential Falsification through Forging | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Exploitation of Trusted Identifiers | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| Exploitation of Trusted Identifiers | CWE-290 | Authentication Bypass by Spoofing |
| Exploitation of Trusted Identifiers | CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| Exploitation of Trusted Identifiers | CWE-346 | Origin Validation Error |
| Exploitation of Trusted Identifiers | CWE-384 | Session Fixation |
| Exploitation of Trusted Identifiers | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| Exploitation of Trusted Identifiers | CWE-602 | Client-Side Enforcement of Server-Side Security |
| Exploitation of Trusted Identifiers | CWE-642 | External Control of Critical State Data |
| Exploitation of Trusted Identifiers | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Session Fixation | CWE-361 | 7PK - Time and State |
| Session Fixation | CWE-384 | Session Fixation |
| Session Fixation | CWE-664 | Improper Control of a Resource Through its Lifetime |
| Session Fixation | CWE-732 | Incorrect Permission Assignment for Critical Resource |