Difference between revisions of "Insufficient Session-ID Length"

From OWASP
Jump to: navigation, search
(Related Attacks)
Line 10: Line 10:
  
 
==Related Attacks==
 
==Related Attacks==
* [[Brute-force attack]]
+
* [[Brute force attack]]
  
 
==Related Vulnerabilities==
 
==Related Vulnerabilities==

Revision as of 13:30, 29 June 2006

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Description

The session-ID is not long enough to prevent brute-force session ID guessing attacks. It should be at least 128-bit long.

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Category:Session Management

Categories

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.