wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

Session Vulnerabilities

profile
Akanksha Rathod
Aug 17, 2022
1 Like
0 Discussions
104 Reads

Before we learn about the vulnerabilities we should know what is a session.

You might have observed being logged out from a website after you keep it idle for a long time, you also get a message stating that "Session has expired".

Session simply means a group of interactions that a user has on a website within a given time frame. Visiting a website can also be considered as a session, however, in technical words, session can be captured by existing the website or by a period of user inactivity.

How can a session be vulnerable?


1) Generating weak session management:

The logic of creating a session token is pretty simple. The attacker is able to learn the pattern and is able to create a valid fake token using the exposed logic behind the session token creation.

2) Poor handling of sessions:
If the session is not terminated properly, or the token is leaked within the network, token hijacking can take place, where the attacker can easily invade.

3) Using meaningful token as a session ID:
Some developers tries to put a lot of information in the session ID, these information may include username, user id, email address, etc. The value may be encrypted and look long however, if it is decoded, it will give out all the useful information of the user.

4) Using predictable tokens:
The session ID tokens are in encrypted format and hence, we feel that they are safe. However, we do not know if they consist of some pattern or a sequence that is commonly used, if so, attackers can easily guess the token.

Session cookies puts the data into temporary memory and deletes it once the session is finished. This data is then used to track the user's development throughout the website. If these sessions are not managed properly, user's information can be stolen like passwords or confidential data. This attack is called as session hijacking. Attacker can use brute force, can guess or predict the exposed session tokens and impersonates and hijacks a genuine user. 


Comments ()


Sign in

Read Next

Personalized Movie Recommendations with Data Science

Blog banner

File sharing

Blog banner

Memory management

Blog banner

INTERNET SECURITY

Blog banner

PHONE TECHNOLOGY

Blog banner

In the world of Technology...

Blog banner

Daycare Centres Help Children Transition into Structured Learning

Blog banner

OPERATING SYSTEM

Blog banner

Deadlock and starvation

Blog banner

Brilliant WhatsApp Features Upcoming in 2023

Blog banner

Deadlock and Starvation

Blog banner

Fossil Hunting 101 at the Peace River, Arcadia, Florida, USA

Blog banner

Workplace mental health: A Psychological Perspective on Employee Well-being and Organizational Growth

Blog banner

Dental Problems That Start Small But Should Never Be Ignored

Blog banner

An Overivew Of Cache Memory

Blog banner

Service design process in ITSM

Blog banner

Security and E-mail

Blog banner

POVERTY:Causes and solutions to problems

Blog banner

Beautiful and stunning natural phenomena worth to see

Blog banner

Multiple-Processor Scheduling in Operating System

Blog banner

Benefits of Yoga

Blog banner

Why Makhana Is Becoming India’s Favourite Healthy Snack?

Blog banner

38_Exploring The Honeynet Project

Blog banner

Online Education

Blog banner

JUSTICE FOR EVERY “BEZUBAAN ANIMAL”

Blog banner

IOT- Internet Of Things

Blog banner

Introduction to Data Science: Life Cycle & Applications

Blog banner

LinkedIn: Watch out for these 7 upcoming updates in 2023

Blog banner

LEMON PICKLE (NIMBU KA ACHAR)

Blog banner

Data Science in Predictive Analytics: Transforming Business Decision-Making

Blog banner

Harsh Rathod

Blog banner

IT Service as as Value Creation

Blog banner

Virtual Memory

Blog banner

Salt, Sand, and Smiles: Does the Maroubra Lifestyle Affect Your Enamel?

Blog banner

Security Issues and Countermeasures

Blog banner

Modern operating system

Blog banner

Traditional Unix System

Blog banner

Social engineering in cyber security

Blog banner

Instagram

Blog banner

Bit Coins

Blog banner

Development Of Modern Operating System

Blog banner

Multiprocessor and Multicore Organization

Blog banner