/alerttags/cwe-384/ Recent content in CWE-384 on ZAP Hugo en-us /docs/alerts/40013-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-5/ <p>A session id is exposed in the URL. By sharing such a website URL (containing the session id), a naive user may be inadvertently granting access to their data, compromising its confidentiality, integrity, and availability. URLs containing the session identifier also appear in web browser bookmarks, web server log files, and proxy server log files.</p> /docs/alerts/40013-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-4/ <p>Session Fixation may be possible. If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user&rsquo;s actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim&rsquo;s browser, to allow the vulnerability to be exploited.</p> /docs/alerts/40013-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-6/ <p>Session Fixation may be possible. If this issue occurs with a login URL (where the user authenticates themselves to the application), then the URL may be given by an attacker, along with a fixed session id, to a victim, in order to later assume the identity of the victim using the given session id. If the issue occurs with a non-login page, the URL and fixed session id may only be used by an attacker to track an unauthenticated user&rsquo;s actions. If the vulnerability occurs on a cookie field or a form field (POST parameter) rather than on a URL (GET) parameter, then some other vulnerability may also be required in order to set the cookie field on the victim&rsquo;s browser, to allow the vulnerability to be exploited.</p> /docs/alerts/40013-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-2/ <p>A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) may be accessed by JavaScript on the client. In conjunction with another vulnerability, this may allow the session to be hijacked.</p> /docs/alerts/40013-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-3/ <p>A Session Id cookie sent by the server (when the URL is modified by setting the named parameter field to NULL) is set to be valid for an excessive period of time. This may be exploitable by an attacker if the user forgets to log out, if the logout functionality does not correctly destroy the session, or if the session id is compromised by some other means.</p> /docs/alerts/40013-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/40013-1/ <p>A session id may be sent via an insecure mechanism. In the case of a cookie sent in the request, this occurs when HTTP, rather than HTTPS, is used. In the case of a cookie sent by the server in response (when the URL is modified by setting the named parameter field to NULL), the &lsquo;secure&rsquo; flag is not set, allowing the cookie to be sent later via HTTP rather than via HTTPS. This may allow a passive eavesdropper on the network path to gain full access to the victim&rsquo;s session.</p>