DocumentCode :
1413300
Title :
Leaky or Guessable Session Identifiers
Author :
Farrell, Stephen
Author_Institution :
Trinity Coll. Dublin, Dublin, Ireland
Volume :
15
Issue :
1
fYear :
2011
Firstpage :
88
Lastpage :
91
Abstract :
Many Internet and Web applications use session identifiers. Too often, developers of those applications make the bad assumption that all is well because session identifiers are only known to authorized users. However, in many cases, session identifiers can leak out or be guessed, sometimes trivially. If presenting an identifier is the only authorization an application requires, it can represent an easily exploited vulnerability. Although these vulnerabilities are old and well-known, some recent examples of problems arising from them show that developers must remain on guard against them.
Keywords :
Internet; authorisation; Internet; Web applications; guessable session identifiers; leaky session identifiers; Cryptography; Decision support systems; Entropy; Libraries; Standards; Web services; brute-force; guessing; information leakage; session identifier security;
fLanguage :
English
Journal_Title :
Internet Computing, IEEE
Publisher :
ieee
ISSN :
1089-7801
Type :
jour
DOI :
10.1109/MIC.2011.12
Filename :
5676172
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=1413300
بازگشت