Gesellschaft für Informatik e.V.

Lecture Notes in Informatics

Sicherheit 2010: Sicherheit, Schutz und Zuverlässigkeit, LNI P-170, 341-352 (2010).

Gesellschaft für Informatik, Bonn

Copyright © Gesellschaft für Informatik, Bonn


Session fixation - the forgotten vulnerability?

Michael Schrank, Bastian Braun, Martin Johns and Joachim Posegga


The term 'Session Fixation vulnerability' subsumes issues in Web applications that, under certain circumstances, enable an adversary to perform a session hijacking attack by controlling the victim's session identifier value. We explore this vulnerability pattern. First, we analyse the root causes and document existing attack vectors. Then we take steps to assess the current attack surface of Session Fixation. Finally, we present a transparent server-side method for mitigating such vulnerabilities.
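To make the root cause named in the abstract concrete, the following added example (not code from the paper or its authors) models a minimal server-side session store with two switches: whether the server adopts unknown identifiers presented by the client, and whether it rotates the identifier on login. The scenario function, attacker value and user name are constructed for illustration; it shows which combinations leave an attacker-known identifier bound to the victim's authenticated session.

```python
import secrets


class SessionStore:
    """Toy server-side session store (constructed for this example).

    accept_client_ids=True reproduces the classic fixation root cause: the server
    adopts whatever identifier the client presents, even one it never issued.
    rotate_on_login=True is the usual mitigation: a fresh identifier is issued
    at the moment the session gains authenticated state.
    """

    def __init__(self, accept_client_ids, rotate_on_login):
        self.accept_client_ids = accept_client_ids
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # identifier -> {"user": None or username}

    def resolve(self, cookie_sid):
        """Map the identifier from the cookie to a session, creating one if needed."""
        if cookie_sid in self.sessions:
            return cookie_sid
        if cookie_sid is not None and self.accept_client_ids:
            self.sessions[cookie_sid] = {"user": None}  # adopt client-chosen value
            return cookie_sid
        sid = secrets.token_urlsafe(24)  # server-issued, unguessable identifier
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, cookie_sid, user):
        """Authenticate the session behind cookie_sid; return the identifier in use."""
        sid = self.resolve(cookie_sid)
        if self.rotate_on_login:
            state = self.sessions.pop(sid)       # retire the pre-login identifier
            sid = secrets.token_urlsafe(24)
            self.sessions[sid] = state
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, cookie_sid):
        session = self.sessions.get(cookie_sid)
        return session["user"] if session else None


def fixation_scenario(store, attacker_obtains_id_first):
    """Victim logs in while carrying an identifier the attacker already knows.

    Returns the user the store associates with that identifier afterwards;
    None means the attacker-known identifier never became authenticated.
    """
    if attacker_obtains_id_first:
        planted = store.resolve(None)        # a legitimate but unauthenticated id
    else:
        planted = "attacker-chosen-sid"      # constructed arbitrary value
    store.login(planted, "alice")            # victim authenticates with planted id
    return store.whoami(planted)
```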


ISBN 978-3-88579-264-2
