![]() Alternately an attacker may be able to manipulate an existing credential to appear as a different user. ![]() By manually tweaking this cookie, a user might be able to increase their access rights to the server. For example, a credential in the form of a web cookie might have a field that indicates the access rights of a user. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker manipulates an existing credential in order to gain access to a target application.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |