Difference between revisions of "Insufficient Session-ID Length"
|Line 10:||Line 10:|
* [[Brute force attack]]
Revision as of 12:30, 29 June 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
The session-ID is not long enough to prevent brute-force session ID guessing attacks. It should be at least 128-bit long.
- Attackers that are try to obtain a valid session id for Session hijacking.