CWE-384 - CERT CVE

CWE-384 - Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

CAPEC ID Naziv
CAPEC-196 Session Credential Falsification through Forging
CAPEC-21 Exploitation of Trusted Identifiers
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-39 Manipulating Opaque Client-based Data Tokens
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-60 Reusing Session IDs (aka Session Replay)
CAPEC-61 Session Fixation