
CWE-384 Session Fixation: vulnerability list (150)

Summary of the 150 CVEs associated with weakness class CWE-384 Session Fixation, with AI-generated analysis (originally in Chinese).

CWE-384 Session Fixation is an authentication weakness: the application does not discard the session identifier that was in use before the user authenticated, so a session ID an attacker chose in advance becomes a valid authenticated session. The attacker typically plants a known session ID on the victim (for example through a URL parameter the application accepts as a session token, or a cookie injected from a sibling subdomain or via XSS), waits for the victim to log in, and then presents the same ID to act as the victim. The fix is to issue a fresh, unpredictable session identifier whenever authentication succeeds or the privilege level changes, and to invalidate the old session server-side rather than merely overwriting the cookie; in addition, session IDs should only be accepted from cookies, never from the query string, so that a planted ID is harder to deliver in the first place.

Official MITRE CWE description

CWE-384 Session Fixation. Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Such a scenario is commonly observed when:

1. A web application authenticates a user without first invalidating the existing session, thereby continuing to use the session already associated with the user.
2. An attacker is able to force a known session identifier on a user so that, once the user authenticates, the attacker has access to the authenticated session.
3. The application or container uses predictable session identifiers.

In the generic exploit of session fixation vulnerabilities, an attacker creates a new session on a web application and records the associated session identifier. The attacker then causes the victim to associate, and possibly authenticate, against the server using that session identifier, giving the attacker access to the user's account through the active session.
Common consequences (1)

Scope: Access Control. Impact: Gain Privileges or Assume Identity.

Mitigations (3)

Phase: Architecture and Design. Invalidate any existing session identifiers prior to authorizing a new user session.

Phase: Architecture and Design. For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user's browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don't match, invalidate the session, and force the user to log on again.

Phase: Operation. Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
Effectiveness: Moderate
Code examples (2)

The following example shows a snippet of code from a J2EE web application where the application authenticates users with LoginContext.login() without first calling HttpSession.invalidate().

    private void auth(LoginContext lc, HttpSession session) throws LoginException {
        ...
        lc.login();   // authenticates, but the caller's existing session (and its id) survives
        ...
    }

Bad · Java

The following example shows a snippet of code from a J2EE web application where the application authenticates users with a direct post to the j_security_check, which typically does not invalidate the existing session before processing the login request.

    <form method="POST" action="j_security_check">
        <input type="text" name="j_username">
        <input type="text" name="j_password">
    </form>

Bad · HTML
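To make the attack flow and both mitigations above concrete, here is an added example that is not part of this page or of any project it lists. It models a server-side session table in Python with constructed users and cookie values (all assumptions): login_vulnerable keeps whatever session id the client presented, login_fixed invalidates it and issues a fresh one, and bind_session/verify_binding implement the secondary-cookie check recommended for platforms that cannot rotate the id. fixation_attack plays the attacker who plants a session id on the victim and then replays it.

```python
"""Session fixation (CWE-384) against a toy in-memory session store.

Constructed example: the store, credentials, cookie names and users are
assumptions for illustration, not code from any product on this page.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed test credentials (assumption).
VALID_USER = "alice"
VALID_PASSWORD = "correct horse battery staple"


@dataclass
class Session:
    user: Optional[str] = None      # None until the session is authenticated
    binding: Optional[str] = None   # random value mirrored in a secondary cookie


class SessionStore:
    """Minimal server-side session table keyed by the session-id cookie value."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)   # unpredictable identifier (CSPRNG)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def invalidate(self, sid: str) -> None:
        self._sessions.pop(sid, None)     # old id no longer maps to anything


def check_password(user: str, password: str) -> bool:
    # Toy credential check; a real application verifies a password hash.
    return (user, password) == (VALID_USER, VALID_PASSWORD)


def login_vulnerable(store: SessionStore, sid: str, user: str, password: str) -> Optional[str]:
    """CWE-384 pattern: authenticate, but keep the session id the client presented."""
    if not check_password(user, password):
        return None
    session = store.get(sid)
    if session is None:                   # unknown id: create one, but otherwise reuse
        sid = store.new_session()
        session = store.get(sid)
    session.user = user                   # the attacker-chosen id is now authenticated
    return sid


def login_fixed(store: SessionStore, sid: str, user: str, password: str) -> Optional[str]:
    """Mitigation: invalidate the presented session and issue a fresh id after auth."""
    if not check_password(user, password):
        return None
    store.invalidate(sid)                 # anything the attacker planted is dead
    new_sid = store.new_session()
    store.get(new_sid).user = user
    return new_sid                        # set as the new cookie value in the response


def bind_session(store: SessionStore, sid: str) -> str:
    """Secondary-cookie mitigation: store a random value in the session and return the
    same value to be set as a second cookie on the browser that just logged in."""
    token = secrets.token_urlsafe(16)
    store.get(sid).binding = token
    return token


def verify_binding(store: SessionStore, sid: str, cookie_token: Optional[str]) -> bool:
    """Per-request check: if the second cookie does not match, invalidate the session."""
    session = store.get(sid)
    if session is None or not secrets.compare_digest(session.binding or "", cookie_token or ""):
        store.invalidate(sid)
        return False
    return True


LoginFn = Callable[[SessionStore, str, str, str], Optional[str]]


def fixation_attack(login: LoginFn) -> bool:
    """Attacker obtains a sid, plants it on the victim, and replays it after the victim logs in.
    Returns True if the planted id is now an authenticated session for the victim."""
    store = SessionStore()
    planted_sid = store.new_session()     # attacker visits the site and records the cookie
    # The victim's browser was forced (URL parameter, injected cookie) to send planted_sid.
    login(store, planted_sid, VALID_USER, VALID_PASSWORD)
    replayed = store.get(planted_sid)     # attacker's request with the id they already know
    return replayed is not None and replayed.user == VALID_USER


def fixation_attack_with_binding() -> bool:
    """Same attack against login_vulnerable, but with the secondary-cookie check in place.
    Returns True if the attacker's replay passes verify_binding."""
    store = SessionStore()
    planted_sid = store.new_session()
    attacker_token = bind_session(store, planted_sid)   # attacker holds a binding of their own
    login_vulnerable(store, planted_sid, VALID_USER, VALID_PASSWORD)
    bind_session(store, planted_sid)      # fresh binding issued to the victim's browser at login
    return verify_binding(store, planted_sid, attacker_token)   # attacker's cookie no longer matches


if __name__ == "__main__":
    print("vulnerable login hijacked:", fixation_attack(login_vulnerable))   # True
    print("rotated-id login hijacked:", fixation_attack(login_fixed))        # False
    print("binding-check replay accepted:", fixation_attack_with_binding())  # False
```

Note that the secondary-cookie variant only helps because a new binding is issued at login and a mismatch invalidates the whole session; an implementation that merely rejects the request without invalidating would let the attacker keep probing. Rotating the id (login_fixed) remains the primary fix wherever the platform allows it.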
| CVE ID | Title | Affected product(s) | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2021-22927 | Citrix Application Delivery Controller authorization issue vulnerability | Citrix ADC, Citrix Gateway | 8.1 | - | 2021-08-05 |
| CVE-2021-32710 | Shopware authorization issue vulnerability | platform | 5.9 | Medium | 2021-06-24 |
| CVE-2010-1434 | Joomla authorization issue vulnerability | Joomla | 7.5 | - | 2021-06-21 |
| CVE-2021-32676 | Nextcloud Talk authorization issue vulnerability | security-advisories | 6.5 | Medium | 2021-06-16 |
| CVE-2018-16495 | Versa VOS authorization issue vulnerability | Versa VOS | 8.8 | - | 2021-05-26 |
| CVE-2019-18946 | Micro Focus Solutions Business Manager authorization issue vulnerability | Solutions Business Manager | 4.8 | Medium | 2021-02-26 |
| CVE-2020-25198 | MOXA NPort IAW5000A-I/O Series authorization issue vulnerability | NPort IAW5000A-I/O | 8.8 | High | 2020-12-23 |
| CVE-2020-10714 | Red Hat WildFly Elytron authorization issue vulnerability | wildfly-elytron | 9.8 | - | 2020-09-23 |
| CVE-2020-6302 | SAP Commerce security vulnerability | SAP Commerce | 8.1 | - | 2020-09-09 |
| CVE-2020-1993 | Palo Alto Networks PAN-OS authorization issue vulnerability | PAN-OS | 3.7 | Low | 2020-05-13 |
| CVE-2020-5290 | RedpwnCTF authorization issue vulnerability | rctf | 6.5 | Medium | 2020-04-01 |
| CVE-2019-15612 | Nextcloud Server authorization issue vulnerability | Nextcloud Server | 8.1 | - | 2020-02-04 |
| CVE-2020-5205 | Pow authorization issue vulnerability | Pow | 6.5 | Medium | 2020-01-09 |
| CVE-2019-10158 | Red Hat Infinispan authorization issue vulnerability | infinispan | 9.4 | - | 2020-01-02 |
| CVE-2019-0062 | Juniper Networks Junos OS authorization issue vulnerability | Junos OS | 7.5 | High | 2019-10-09 |
| CVE-2019-13517 | BD Pyxis authorization issue vulnerability | BD | 8.8 | - | 2019-09-06 |
| CVE-2019-6584 | Siemens LOGO!8 code issue vulnerability | SIEMENS LOGO!8 | 8.8 | - | 2019-06-12 |
| CVE-2019-1807 | Cisco Umbrella Dashboard authorization issue vulnerability | Cisco Umbrella | 8.3 | - | 2019-05-03 |
| CVE-2019-3783 | Cloud Foundry Stratos trust management issue vulnerability | Stratos | 8.8 | - | 2019-03-07 |
| CVE-2019-3784 | Cloud Foundry Stratos authorization issue vulnerability | Stratos | 8.1 | - | 2019-03-07 |
| CVE-2018-13282 | Synology Photo Station security vulnerability | Photo Station | 7.6 | - | 2018-10-31 |
| CVE-2018-16463 | Nextcloud Server security vulnerability | Nextcloud Server | 5.4 | - | 2018-10-30 |
| CVE-2018-17902 | Multiple Yokogawa products security vulnerability | STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500 | 7.5 | - | 2018-10-12 |
| CVE-2018-8852 | Philips e-Alert security vulnerability | e-Alert Unit (non-medical device) | 8.8 | - | 2018-09-26 |
| CVE-2016-8609 | Red Hat keycloak authorization issue vulnerability | keycloak | 8.8 | - | 2018-08-01 |
| CVE-2018-5385 | Navarino Infinity security vulnerability | Infinity | 8.8 | - | 2018-07-24 |
| CVE-2018-0359 | Cisco Meeting Server security vulnerability | Cisco Meeting Server unknown | 4.0 | - | 2018-06-21 |
| CVE-2018-0229 | Multiple Cisco products (AnyConnect Secure Mobility Client, Adaptive Security Appliance Software and Firepower Threat Defense Software) security vulnerability | Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client | 8.1 | - | 2018-04-19 |
| CVE-2018-5465 | Multiple Belden products security vulnerability | Hirschmann Automation and Control GmbH Classic Platform Switches | 8.8 | - | 2018-03-06 |
| CVE-2016-9125 | Revive Adserver security vulnerability | Revive Adserver, all versions before 3.2.3 | 9.8 | - | 2017-03-28 |

The 30 entries above are the first page of the list; the risk level column is "-" where the source did not record one.

CWE-384 (Session Fixation) is a common weakness class; this platform has collected 150 CVEs associated with it.