The attacker uses the falsified session ID to access the target system.
Attack Step Techniques
Attack Step Technique Description
The attacker loads the session ID into his web browser and browses to restricted data or functionality.
The attacker loads the session ID into his network communications and impersonates a legitimate user to gain access to data or functionality.
env-CommProtocol env-Peer2Peer env-ClientServer
Security Control Description
Monitor the correlation between session IDs and other station designations (MAC address, IP address, VLAN, etc.). Alert on session ID reuse from multiple sources.
Terminate both sessions if an ID is used from multiple origins.
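One way to implement the monitoring control above, as an added example that is not part of the original entry. It binds each session ID to the first origin (IP and MAC) seen for it, alerts when the ID appears from a second origin, and revokes the ID so that both parties lose the session. The log tuple layout, the `correlate` function and all sample values are constructed for illustration.

```python
# Constructed sample records: (timestamp, session_id, source_ip, source_mac)
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "sessA", "10.0.0.5", "aa:bb:cc:00:00:05"),
    ("2024-01-01T10:00:30", "sessB", "10.0.0.9", "aa:bb:cc:00:00:09"),
    ("2024-01-01T10:01:00", "sessA", "10.0.0.5", "aa:bb:cc:00:00:05"),
    ("2024-01-01T10:01:10", "sessA", "192.0.2.77", "aa:bb:cc:00:00:4d"),
    ("2024-01-01T10:02:00", "sessB", "10.0.0.9", "aa:bb:cc:00:00:09"),
    ("2024-01-01T10:02:05", "sessA", "10.0.0.5", "aa:bb:cc:00:00:05"),
]


def correlate(events):
    """Return (alerts, revoked) for an ordered stream of session events.

    Each session ID is bound to the first (ip, mac) origin observed.
    A request carrying the same ID from any other origin raises an alert
    and revokes the ID, which ends the session for every origin using it.
    """
    bound = {}       # session_id -> first-seen (ip, mac)
    revoked = set()  # session IDs terminated after multi-origin use
    alerts = []
    for ts, sid, ip, mac in events:
        origin = (ip, mac)
        if sid in revoked:
            # Both the original holder and the second origin are now denied.
            alerts.append((ts, sid, origin, "request on revoked session"))
            continue
        first = bound.setdefault(sid, origin)
        if origin != first:
            revoked.add(sid)
            alerts.append((ts, sid, origin, "session ID reused from second origin"))
    return alerts, revoked


if __name__ == "__main__":
    found, dead = correlate(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("revoked:", sorted(dead))
```

A client's IP address can change legitimately (NAT pools, mobile networks) and a MAC address is only visible on the local segment, so production deployments usually tune which attributes make up the origin before terminating sessions automatically.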
The target host uses session IDs to keep track of the users.
Session IDs are used to control access to resources.
The session IDs used by the target host are predictable. For example, the session IDs are generated using predictable information (e.g., time).
Typical Likelihood of Exploit
Methods of Attack
Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.Random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication.