The explanation is as follows:

What is Session Fixation?

In Session Fixation attacks, the attacker hijacks a valid user session. We said that we sign the cookie in order to be sure that no one can hijack another user's valid session. But what if the attacker has his own valid session and tries to associate it with another user? In this case he can perform actions on behalf of the victim. The problems occur when we are not generating new sessionIds (unique identifiers) on actions like Login.

How can the Attacker do this?

One of the cases is when the attacker has physical access to the computer. As an attacker, I go to the university and I choose one of the shared computers, then I sign into my account on vulnerablewebsite.com and then, without doing the logout (which normally destroys the session in the server store), I leave an open login page on vulnerablewebsite.com, and before that I have to copy my valid sessionId. Now the victim is using this computer, and if the victim signs in, the attacker's sessionId is associated with the victim's account.
So person A logs in but does not log out. Then person B comes along and logs in. Instead of generating a new session id for the second person, the server keeps using the session id that belongs to A. As a result, A can access B's information.

Solution

Generate a new session id on every login.
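As an added example (not code from the quoted source or from this post), the following Python snippet uses a small in-memory session store to contrast a login handler that keeps the pre-existing session id with one that regenerates it. The store, the handler names and the attacker/victim scenario are constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable identifier
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, presented_sid, username):
    """Fixation-prone: authenticates into whatever session id the browser presented."""
    session = store.get(presented_sid)
    if session is None:
        presented_sid = store.create()
        session = store.get(presented_sid)
    session["user"] = username
    return presented_sid  # same id before and after login


def login_fixed(store, presented_sid, username):
    """Hardened: discards the presented session and issues a fresh id at login."""
    store.destroy(presented_sid)  # old id, known to whoever set it, stops working
    new_sid = store.create()
    store.get(new_sid)["user"] = username
    return new_sid


def whoami(store, sid):
    session = store.get(sid)
    return session.get("user") if session else None


def simulate(login):
    """Attacker pre-establishes a session on a shared machine; victim then logs in."""
    store = SessionStore()
    attacker_sid = store.create()
    store.get(attacker_sid)["user"] = "attacker"  # attacker's own valid session
    victim_sid = login(store, attacker_sid, "victim")  # browser still sends that cookie
    return {
        "attacker_sees_victim": whoami(store, attacker_sid) == "victim",
        "victim_logged_in": whoami(store, victim_sid) == "victim",
        "id_changed": victim_sid != attacker_sid,
    }
```

With login_vulnerable the attacker's copied id now resolves to the victim's account; with login_fixed the old id is gone and only the freshly issued id is bound to the victim.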