Leaky or Guessable Session Identifiers

Loading...
Thumbnail Image

Date

Journal Title

Journal ISSN

Volume Title

Publisher

IEEE

Access

Embargo end date

Citation

Stephen Farrell, Leaky or Guessable Session Identifiers, IEEE Internet Computing, 15, 1, 2011, 88-91

Abstract

Many Internet and Web applications use session identifiers. Too often, developers of those applications make the bad assumption that all is well because session identifiers are only known to authorized users. However, in many cases, session identifiers can leak out or be guessed, sometimes trivially. If presenting an identifier is the only authorization an application requires, it can represent an easily exploited vulnerability. Although these vulnerabilities are old and well-known, some recent examples of problems arising from them show that developers must remain on guard against them.

Description

PUBLISHED

Endorsement

Review

Supplemented By

Referenced By

Publisher: IEEE
Type of material: Journal Article