/vulndb/Weak Session Management

This happens when the web application produces a session cookie whose value is easily guessable. For example, the session identifier may be derived from a Unix timestamp, or may simply be the MD5 hash of a timestamp.

An attacker may be able to counterfeit a session cookie by guessing its value (for example, after a brute-force attempt) and thus perform a session hijacking attack with little effort.

Solution

A common practice to protect the confidentiality of a session cookie is to encrypt its fields at the application level. A good session cookie is not only unique but also sufficiently random: it provides enough entropy to make brute-force attacks infeasible, and its identifier space is large enough to cover the application's entire user base without collisions.
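The following is an added example, not code from the vulndb entry, contrasting the timestamp-based anti-pattern described above with a session identifier drawn from the operating system's CSPRNG. The `SessionStore` class, the 128-bit minimum entropy threshold and the sample timestamps are assumptions chosen for illustration; the point is that the weak scheme's effective key space is only the number of seconds in the issue window, whatever hash is applied on top.

```python
"""Weak vs. strong session identifiers (added example, not the vulndb entry's own code)."""
import hashlib
import math
import secrets
import time
from typing import Dict, Optional


def weak_session_id(issued_at: int) -> str:
    """Anti-pattern from the entry: MD5 of a Unix timestamp.

    Deterministic, so the identifier can be reproduced by anyone who knows
    roughly when the session was issued. Kept here only to show the defect.
    """
    return hashlib.md5(str(issued_at).encode("ascii")).hexdigest()


def weak_id_entropy_bits(window_seconds: int) -> float:
    """Effective entropy of the timestamp scheme.

    Hashing adds no secrecy: the candidate space is just the timestamps in
    the window in which the session could have been issued.
    """
    return math.log2(window_seconds)


class SessionStore:
    """Server-side session table keyed by an opaque random identifier.

    The cookie carries only the identifier; user data stays on the server,
    so nothing in the cookie needs to be decrypted or trusted.
    """

    # Assumption: policy floor for this example. 64 bits is commonly cited as
    # a minimum for session ids; 128 bits leaves a comfortable margin.
    MIN_ENTROPY_BITS = 128

    def __init__(self, nbytes: int = 32) -> None:
        if nbytes * 8 < self.MIN_ENTROPY_BITS:
            raise ValueError(
                f"{nbytes * 8} bits of entropy is below the "
                f"{self.MIN_ENTROPY_BITS}-bit minimum"
            )
        self._nbytes = nbytes
        self._sessions: Dict[str, dict] = {}

    @property
    def entropy_bits(self) -> int:
        """Entropy of each identifier this store issues."""
        return self._nbytes * 8

    def create(self, user: str) -> str:
        """Issue a new identifier from the OS CSPRNG and record the session."""
        sid = secrets.token_urlsafe(self._nbytes)
        self._sessions[sid] = {"user": user, "issued_at": time.time()}
        return sid

    def lookup(self, sid: str) -> Optional[dict]:
        """Resolve a presented identifier, comparing in constant time.

        A linear scan keeps the comparison timing-independent for this small
        example; a production store would index by a hash of the identifier.
        """
        for known, record in self._sessions.items():
            if secrets.compare_digest(known, sid):
                return record
        return None


if __name__ == "__main__":
    # Constructed timestamp: the weak id is the same on every run.
    print("weak   :", weak_session_id(1_700_000_000))
    print("weak id space for a 24h window: %.1f bits" % weak_id_entropy_bits(86_400))

    store = SessionStore()
    sid = store.create("alice")
    print("strong :", sid, f"({store.entropy_bits} bits)")
    print("lookup :", store.lookup(sid))
```

Running the module shows why the hash does not help: for a session issued some time in the last day the weak identifier has roughly 16 bits of entropy, while the store issues 256-bit identifiers that are unique per call and cannot be reconstructed from anything the attacker can observe.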

References

http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_theft_and_session_hijacking
http://en.wikipedia.org/wiki/Session_hijacking