CWE-539 Individual Dictionary Definition (Draft 9)

Weakness ID: 539 (Weakness Variant)
Status: Incomplete

Description Summary

Persistent cookies are cookies that are stored on the browser's hard drive. This can cause security and privacy issues depending on the information stored in the cookie and how it is accessed.

Context Notes

Cookies are small bits of data that are sent by the web application but stored locally in the browser. This lets the application use the cookie to pass information between pages and store variable information. The web application controls what information is stored in a cookie and how it is used. Typical types of information stored in cookies are session identifiers, personalization and customization information, and in rare cases even usernames to enable automated logins. There are two different types of cookies: session cookies and persistent cookies. Session cookies just live in the browser's memory, and are not stored anywhere, but persistent cookies are stored on the browser's hard drive.

Relationships

Source Taxonomies

Anonymous Tool Vendor (under NDA)

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials |
| 39 | Manipulating Opaque Client-based Data Tokens |
| 31 | Accessing/Intercepting/Modifying HTTP Cookies |
| 60 | Reusing Session IDs (aka Session Replay) |
| 59 | Session Credential Falsification through Prediction |
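The session/persistent distinction in the Context Notes can be checked from the server's responses: a cookie is persistent when its `Set-Cookie` header carries an `Expires` or `Max-Age` attribute (RFC 6265). The following audit helper is an added example, not part of the CWE entry; the name hints, function names and sample headers are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: name fragments that suggest a session identifier or login data.
SENSITIVE_HINTS = ("sess", "auth", "token", "user", "login")

def lifetime_seconds(set_cookie, now):
    """Return None for a session cookie, else seconds until expiry."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val.strip()
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"])
        except ValueError:
            pass  # a malformed Max-Age is ignored
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None  # unparseable date: the attribute is ignored
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return int((expires - now).total_seconds())
    return None

def audit(headers, now):
    """List (name, lifetime, severity) for every persistent cookie."""
    findings = []
    for header in headers:
        name = header.split("=", 1)[0].strip()
        life = lifetime_seconds(header, now)
        if life is None or life <= 0:
            continue  # session cookie, or a deletion (already expired)
        sensitive = any(hint in name.lower() for hint in SENSITIVE_HINTS)
        findings.append((name, life, "review" if sensitive else "info"))
    return findings

# Constructed sample Set-Cookie values, one per case.
SAMPLE = [
    "JSESSIONID=abc123; Path=/; HttpOnly",                  # session cookie
    "sessionid=def456; Max-Age=31536000; Path=/; Secure",   # persistent session ID
    "theme=dark; Expires=Wed, 09 Jun 2032 10:18:14 GMT",    # persistent preference
    "username=alice; Max-Age=2592000",                      # persistent login name
    "old=; Max-Age=0",                                      # deletion
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime.now(timezone.utc)):
        print(finding)
```

Cookies reported as `review` are the ones this entry is concerned with: session identifiers or usernames that the browser writes to disk and that outlive the browser session.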