Common Weakness Enumeration

CWE-565

Allowed

Reliance on Cookies without Validation and Integrity Checking

Abstraction: Base · Status: Incomplete

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

95 vulnerabilities reference this CWE, most recent first.

GHSA-7W8X-G282-6CF2

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-07-30 00:00
VLAI
Details

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users’ data in the Cookie.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522",
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-06T12:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain privileged permissions remotely by tampering with users\u2019 data in the Cookie.",
  "id": "GHSA-7w8x-g282-6cf2",
  "modified": "2022-07-30T00:00:35Z",
  "published": "2022-05-24T22:28:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28171"
    },
    {
      "type": "WEB",
      "url": "https://www.chtsecurity.com/news/7f0874b5-516b-4637-842d-b6fb6c335c66"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-4618-4dcc2-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7WGV-8JV9-78P4

Vulnerability from github – Published: 2025-12-13 18:30 – Updated: 2026-04-08 18:34
VLAI
Details

The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_register_process_switch_back' cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-13T16:16:49Z",
    "severity": "CRITICAL"
  },
  "details": "The JAY Login \u0026 Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the \u0027jay_login_register_process_switch_back\u0027 function with the \u0027jay_login_register_process_switch_back\u0027 cookie value. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.",
  "id": "GHSA-7wgv-8jv9-78p4",
  "modified": "2026-04-08T18:34:01Z",
  "published": "2025-12-13T18:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14440"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.4.01/includes/jay-login-register-user-switching.php#L98"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset/3418754"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/928877a6-eeeb-4ed5-900b-9b1560e1bf87?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-844M-CPR9-JCMH

Vulnerability from github – Published: 2021-11-15 17:54 – Updated: 2022-08-11 18:31
VLAI
Summary
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Details

Impact

This vulnerability impacts any Rails applications using rails_multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application.

Patches

The issue has been patched in v4 of the rails_multisite gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "rails_multisite"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-327",
      "CWE-565"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-15T17:53:35Z",
    "nvd_published_at": "2021-11-15T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThis vulnerability impacts any Rails applications using `rails_multisite` alongside Rails\u0027 signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different \u0027sites\u0027 within a multi-site Rails application.\n\n### Patches\nThe issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.",
  "id": "GHSA-844m-cpr9-jcmh",
  "modified": "2022-08-11T18:31:09Z",
  "published": "2021-11-15T17:54:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/discourse/rails_multisite"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails_multisite/CVE-2021-41263.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Rails Multisite secure/signed cookies share secrets between sites in a multi-site application"
}

GHSA-84XP-5PQJ-58WV

Vulnerability from github – Published: 2022-05-24 22:00 – Updated: 2022-10-14 12:00
VLAI
Details

Linear eMerge 50P/5000P devices allow Authentication Bypass.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-02T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Linear eMerge 50P/5000P devices allow Authentication Bypass.",
  "id": "GHSA-84xp-5pqj-58wv",
  "modified": "2022-10-14T12:00:25Z",
  "published": "2022-05-24T22:00:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7266"
    },
    {
      "type": "WEB",
      "url": "https://applied-risk.com/labs/advisories"
    },
    {
      "type": "WEB",
      "url": "https://www.applied-risk.com/resources/ar-2019-006"
    },
    {
      "type": "WEB",
      "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155250/Linear-eMerge50P-5000P-4.6.07-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8C7C-H7PX-267G

Vulnerability from github – Published: 2026-05-22 00:31 – Updated: 2026-06-24 21:13
VLAI
Summary
Concrete CMS is vulnerable to IDOR in surveys
Details

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID through the public survey’s endpoint.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "concrete5/concrete5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.5.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-8337"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-24T21:13:47Z",
    "nvd_published_at": "2026-05-21T22:16:50Z",
    "severity": "MODERATE"
  },
  "details": "Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys.\u00a0To be vulnerable, a\u00a0site would have to be configured in such a way that both public and private surveys are present on the site. An\u00a0unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID through the public survey\u2019s endpoint.",
  "id": "GHSA-8c7c-h7px-267g",
  "modified": "2026-06-24T21:13:47Z",
  "published": "2026-05-22T00:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8337"
    },
    {
      "type": "WEB",
      "url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notes"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/concretecms/concretecms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Concrete CMS is vulnerable to IDOR in surveys"
}

GHSA-8F96-86FJ-W39W

Vulnerability from github – Published: 2022-07-26 00:00 – Updated: 2022-08-03 00:00
VLAI
Details

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-35284"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-25T18:23:00Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.",
  "id": "GHSA-8f96-86fj-w39w",
  "modified": "2022-08-03T00:00:57Z",
  "published": "2022-07-26T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35284"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230811"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6606663"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8P8W-FW4M-CFJ7

Vulnerability from github – Published: 2022-05-24 16:57 – Updated: 2022-12-03 00:30
VLAI
Details

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4305"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-30T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.",
  "id": "GHSA-8p8w-fw4m-cfj7",
  "modified": "2022-12-03T00:30:21Z",
  "published": "2022-05-24T16:57:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4305"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160951"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/960171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8PGC-65MJ-53H5

Vulnerability from github – Published: 2024-07-19 06:31 – Updated: 2024-10-31 17:02
VLAI
Summary
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Details

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/auth before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/public-api-server before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/server before main-gha.27122; versions of the package @gitpod/gitpod-protocol before 0.1.5-main-gha.27122 are vulnerable to Cookie Tossing due to a missing __Host- prefix on the gitpod_io_jwt2 session cookie. This allows an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane, which can be assigned to an attacker’s own JWT so that specific actions taken by the victim (such as connecting a new Github organization) are actioned by the attackers session.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gitpod-io/gitpod"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-21583"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-565"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-06T22:05:52Z",
    "nvd_published_at": "2024-07-19T05:15:10Z",
    "severity": "MODERATE"
  },
  "details": "Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/auth before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/public-api-server before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/server before main-gha.27122; versions of the package @gitpod/gitpod-protocol before 0.1.5-main-gha.27122 are vulnerable to Cookie Tossing due to a missing __Host- prefix on the _gitpod_io_jwt2_ session cookie. This allows an adversary who controls a subdomain to set the value of the cookie on the Gitpod control plane, which can be assigned to an attacker\u2019s own JWT so that specific actions taken by the victim (such as connecting a new Github organization) are actioned by the attackers session.",
  "id": "GHSA-8pgc-65mj-53h5",
  "modified": "2024-10-31T17:02:51Z",
  "published": "2024-07-19T06:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21583"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/pull/19973"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gitpod-io/gitpod/commit/da1053e1013f27a56e6d3533aa251dbd241d0155"
    },
    {
      "type": "WEB",
      "url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=%5B%E2%80%A6%5D942e-c768d37e9e0c\u0026tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gitpod-io/gitpod"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2997"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "github.com/gitpod-io/gitpod vulnerable to Cookie Tossing"
}

GHSA-8WXH-J3RH-HQ7G

Vulnerability from github – Published: 2025-03-17 06:30 – Updated: 2025-03-17 06:30
VLAI
Details

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-17T06:15:25Z",
    "severity": "CRITICAL"
  },
  "details": "The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.",
  "id": "GHSA-8wxh-j3rh-hq7g",
  "modified": "2025-03-17T06:30:25Z",
  "published": "2025-03-17T06:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2395"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html"
    },
    {
      "type": "WEB",
      "url": "https://www.twcert.org.tw/tw/cp-132-10011-3de72-1.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9C86-QQFM-5HF3

Vulnerability from github – Published: 2024-04-19 00:30 – Updated: 2024-04-19 00:30
VLAI
Details

The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-565"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-18T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n",
  "id": "GHSA-9c86-qqfm-5hf3",
  "modified": "2024-04-19T00:30:54Z",
  "published": "2024-04-19T00:30:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21872"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Avoid using cookie data for a security-related decision.

Mitigation
Implementation

Perform thorough input validation (i.e.: server side validation) on the cookie data if you're going to use it for a security related decision.

Mitigation
Architecture and Design

Add integrity checks to detect tampering.

Mitigation
Architecture and Design

Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.

CAPEC-226: Session Credential Falsification through Manipulation

An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server.

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.

CAPEC-39: Manipulating Opaque Client-based Data Tokens

In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.