Session theft

session hijacking

Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network.

http://searchsoftwarequality.techtarget.com/glossary/

(en) Session Hijack Attack

An attack in which the Attacker is able to insert himself or herself between a Claimant and a Verifier subsequent to a successful authentication exchange between the latter two parties. The Attacker is able to pose as a Subscriber to the Verifier or vice versa to control session data exchange. Sessions between the Claimant and the Relying Party can also be similarly compromised. [NIST-SP800-63:2013]

(en) Session Hijacking

Take over a session that someone else has established.

(en) Session hijacking

An intrusion technique whereby a hacker sends a command to an already existing connection between two machines, in order to wrest control of the connection away from the machine that initiated it. The hacker's goal is to gain access to a server while bypassing normal authentication measures.

http://www.watchguard.com/glossary/

(en) Session stealing

See session hijacking

http://www.watchguard.com/glossary/

(en) Session Hi-Jacking

The result of a user's session being compromised by an attacker. The attacker could reuse this stolen session to masquerade as the user.

http://www.webappsec.org/projects/glossary/

(en) Session ID

A string of data provided by the web server, normally stored within a cookie or URL. A Session ID tracks a user's session, or perhaps just his current session, as he traverses the web site.

http://www.webappsec.org/projects/glossary/

(en) Session Manipulation

An attack technique used to hi-jack another user's session by altering a session ID or session credential value.

http://www.webappsec.org/projects/glossary/

(en) Session Prediction

An attack technique used to create fraudulent session credentials or guess other users' current session IDs. If successful, an attacker could reuse this stolen session to masquerade as another user.

http://www.webappsec.org/projects/glossary/

(en) Session Replay

When a web site permits an attacker to reuse old session credentials or session IDs for authorization.

http://www.webappsec.org/projects/glossary/

(en) Hijack Attack

A form of active wiretapping in which the attacker seizes control of a previously established communication association.

http://www.sans.org/security-resources/glossary-of-terms/
