Byte Open Security

(ByteOS Network)

CAPEC-226: Session Credential Falsification through Manipulation
Attack Pattern ID: 226
Version: v3.9
Attack Pattern Name: Session Credential Falsification through Manipulation
Abstraction: Detailed
Status: Draft
Likelihood of Attack:
Typical Severity: Medium

2 Weaknesses found

CWE-472
External Control of Assumed-Immutable Web Parameter
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 48 CVEs

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Impacts:
Modify Application Data
Tags:
Input Validation; Modify Application Data (impact)
As Seen In:
Not Available
CWE-565
Reliance on Cookies without Validation and Integrity Checking
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 61 CVEs

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

Impacts:
Gain Privileges or Assume Identity; Execute Unauthorized Code or Commands; Modify Application Data
Tags:
Execute Unauthorized Code or Commands (impact); Modify Application Data (impact); Gain Privileges or Assume Identity (impact)
As Seen In:
Not Available