Information Leak Through Persistent Cookies
Weakness ID: 539 (Weakness Variant) | Status: Incomplete
Description Summary
Persistent cookies are cookies that are stored on the browser's hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.
Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser's memory, and are not stored anywhere, but persistent cookies are stored on the browser's hard drive.
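The distinction above can be checked in HTTP responses. The following is an added example, not part of the CWE entry: it parses `Set-Cookie` header values and reports cookies that are persistent (they carry a future `Expires` or a positive `Max-Age`) and whose names suggest session or login data. The name pattern and the sample headers are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: name fragments that suggest session or login data; tune per application.
SENSITIVE_NAME = re.compile(r"sess|sid|auth|token|user|login|remember", re.I)

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def is_persistent(attrs, now=None):
    """True if the browser will store the cookie beyond the current session."""
    now = now or datetime.now(timezone.utc)
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) > 0  # zero or negative deletes the cookie
        except ValueError:
            pass  # unparsable Max-Age is ignored; fall back to Expires
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"]) > now
        except (TypeError, ValueError):
            return False  # unparsable date: treated as a session cookie
    return False  # neither attribute: session cookie, kept in memory only

def audit(headers, now=None):
    """Return names of persistent cookies whose name suggests sensitive data."""
    parsed = (parse_set_cookie(h) for h in headers)
    return [n for n, _v, a in parsed if is_persistent(a, now) and SENSITIVE_NAME.search(n)]

# Constructed sample response headers (not taken from a real site).
SAMPLE = [
    "SESSIONID=abc123; Path=/; HttpOnly; Secure",
    "remember_user=alice; Max-Age=31536000; Path=/",
    "theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "auth_token=xyz; Max-Age=0",
    "login_hint=alice; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
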
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 538 | File and Directory Information Exposure | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Category | 729 | OWASP Top Ten 2004 Category A8 - Insecure Storage | Weaknesses in OWASP Top Ten (2004) (primary) 711 |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials | |
31 | Accessing/Intercepting/Modifying HTTP Cookies | |
39 | Manipulating Opaque Client-based Data Tokens | |
59 | Session Credential Falsification through Prediction | |
60 | Reusing Session IDs (aka Session Replay) |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
Anonymous Tool Vendor (under NDA) | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Potential Mitigations, Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Other Notes, Taxonomy Mappings | ||||
2009-03-10 | CWE Content Team | MITRE | Internal | |
updated Relationships |