Black Hat

Session Management Issues

Session Management Issues: A session represents the connection that a client has with the server application. The session information that is maintained between the client and the server is important and can give an attacker access to confidential information if compromised.

Ideally, a session will have a unique identifier, encryption, and other parameters assigned every time a new connection between a client and server is created.

After a session is exited, closed, or no longer needed, its information should be discarded and not used again (or at least not reused for an extended period), but this is not always the case. Vulnerabilities of this type include the following:

Long-Lived Sessions: Sessions between a client and a server should remain valid only for the time they are needed and then be discarded.

Sessions that remain valid longer than they are needed give intruders who obtain session identifiers, for example through attacks such as XSS, time to reuse the session.

Logout Features: Applications should provide a logout feature that allows a visitor to log out and close a session without closing the browser.

Insecure or Weak Session Identifiers: Session IDs that are easily predicted or guessed can be exploited, because an attacker can use them to retrieve or use sessions that should be closed.

Some flaws in web applications can lead to the reuse of session IDs. Exploitation of session IDs also falls into the category of session hijacking.

Granting of Session IDs to Unauthorized Users: Sometimes applications grant session IDs to unauthenticated users and redirect them to a logout page. This can give an attacker the ability to request valid URLs using that session ID.

Poor or No Password Change Controls: An improperly implemented or insecure password change system, in which the old password is not required, allows a hacker to change the passwords of other users.

Inclusion of Unprotected Information in Cookies: Cookies may contain unprotected information such as the internal IP address of a server that can be used by a hacker to learn more about the nature of the web application.
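As an added example (not code from the original article), a minimal in-memory session store in Python showing the controls the list above calls for: unguessable IDs from the OS CSPRNG, idle and absolute lifetimes enforced on every lookup, a server-side logout, and a password change that demands the current password. The SessionStore and hash_password names, the timeout values and the injectable clock are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

def hash_password(password, salt=None):
    # Salted PBKDF2; returns (salt, digest). Constructed helper for this example.
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class SessionStore:
    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout          # seconds allowed since last request
        self.absolute_timeout = absolute_timeout  # seconds allowed since login
        self.clock = clock                        # injectable so tests can advance time
        self._sessions = {}

    def create(self, user):
        # 256 bits from the OS CSPRNG: neither guessable nor derivable from earlier IDs
        sid = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self.clock()
        if (now - entry["last_seen"] > self.idle_timeout
                or now - entry["created"] > self.absolute_timeout):
            self.destroy(sid)  # an over-age session is discarded, never silently renewed
            return None
        entry["last_seen"] = now
        return entry["user"]

    def destroy(self, sid):
        # Server-side logout: the ID stops working even if a copy was stolen
        self._sessions.pop(sid, None)

def change_password(store, creds, sid, old_password, new_password):
    # Needs a live session AND the current password; returns True only on success
    user = store.lookup(sid)
    if user is None:
        return False
    salt, digest = creds[user]
    if not hmac.compare_digest(digest, hash_password(old_password, salt)[1]):
        return False
    creds[user] = hash_password(new_password)
    store.destroy(sid)  # force a fresh login with the new password
    return True
```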
