CWE-6

J2EE Misconfiguration: Insufficient Session-ID Length

VariantIncomplete

Description

The J2EE application is configured to use an insufficient session ID length.

If an attacker can guess or steal a session ID, then they may be able to take over the user's session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.

Hierarchy (View 1000)

Parents

CWE-334

Children

none

Related attack patterns (CAPEC)

CAPEC-21 · CAPEC-59

CVEs mapped to this weakness (0)

No CVEs match the current filter.