CWE-384 - CERT CVE

CWE-384 - Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

CAPEC ID	Naziv
CAPEC-196	Session Credential Falsification through Forging
CAPEC-21	Exploitation of Trusted Identifiers
CAPEC-31	Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-39	Manipulating Opaque Client-based Data Tokens
CAPEC-59	Session Credential Falsification through Prediction
CAPEC-60	Reusing Session IDs (aka Session Replay)
CAPEC-61	Session Fixation