Information Disclosure: Frontend Guessable Cookie Value
Identifier:
guessable_cookie_value
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Using easily guessable cookie values (for example, a session identifier derived from a counter or a clock) makes an application vulnerable to session hijacking: an attacker who can predict a valid cookie value can present it and impersonate the legitimate user without ever stealing the cookie.
How we test: We analyze the cookie values set in responses to detect whether they are easily guessable, such as sequential numbers, timestamps, or other predictable patterns. We also check for weak entropy, which indicates that the value could be guessed or predicted rather than being drawn from a cryptographically secure random source.
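The checks described above, written out as a small standalone detector. This is an added example, not the scanner's own code: it parses constructed `Set-Cookie` lines, flags all-numeric values, values that decode to a plausible Unix timestamp, values with an embedded date, short values, and values whose character distribution has low estimated entropy, and contrasts them with an identifier produced by `secrets.token_urlsafe`. The thresholds (`MIN_ENTROPY_BITS`, `MIN_LENGTH`, the ten-year timestamp window) and the sample headers are assumptions made for the demonstration.

```python
import math
import re
import secrets
import time
from collections import Counter

# Constructed sample responses: these Set-Cookie lines are made up for the
# demonstration and do not come from any real application.
SAMPLE_HEADERS = [
    "Set-Cookie: sid=10042; Path=/; HttpOnly",                       # small counter
    "Set-Cookie: auth=1717000000; Path=/; HttpOnly",                 # unix timestamp
    "Set-Cookie: track=user-1234-2024-06-01; Path=/",                # embedded date / structure
    "Set-Cookie: sess=aaaaaaaaaaaaaaaaaaaaaaaa; Path=/",             # long but near-zero entropy
    "Set-Cookie: session=tQ9G2m_ZvYx8q1LkR3pW7nEa5cHdB0oU; Path=/; Secure; HttpOnly",  # random
]

# Assumed thresholds (not from the page): OWASP's session-management guidance
# asks for at least 64 bits of entropy in a session identifier.
MIN_ENTROPY_BITS = 64
MIN_LENGTH = 16
TEN_YEARS = 10 * 365 * 86400

DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2}")


def parse_set_cookie(header):
    """Return (name, value) from a Set-Cookie header line, dropping attributes."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    name, _, value = header.split(";", 1)[0].partition("=")
    return name.strip(), value.strip()


def estimated_entropy_bits(value):
    """Shannon entropy of the character distribution, scaled to the whole value.

    This is a crude single-sample estimate: it catches repeated characters and
    tiny alphabets but cannot see structure such as counters or dates, which is
    why the pattern checks below exist as well.
    """
    if not value:
        return 0.0
    n = len(value)
    per_char = -sum((c / n) * math.log2(c / n) for c in Counter(value).values())
    return per_char * n


def is_timestamp_like(value, now=None):
    """True for an all-digit value that reads as epoch seconds or milliseconds near 'now'."""
    if not value.isdigit():
        return False
    now = int(time.time()) if now is None else now
    n = int(value)
    if len(value) in (9, 10):
        return abs(n - now) < TEN_YEARS
    if len(value) == 13:
        return abs(n // 1000 - now) < TEN_YEARS
    return False


def classify_cookie_value(value, now=None):
    """Return the list of weakness labels found in a cookie value (empty means none)."""
    findings = []
    if value.isdigit():
        findings.append("timestamp" if is_timestamp_like(value, now) else "numeric")
    if DATE_RE.search(value):
        findings.append("embedded_date")
    if len(value) < MIN_LENGTH:
        findings.append("too_short")
    if estimated_entropy_bits(value) < MIN_ENTROPY_BITS:
        findings.append("low_entropy")
    return findings


def scan_headers(headers, now=None):
    """Run the check over response headers; returns (name, value, findings) per cookie."""
    results = []
    for h in headers:
        if h.lower().startswith("set-cookie:"):
            name, value = parse_set_cookie(h)
            results.append((name, value, classify_cookie_value(value, now)))
    return results


def new_session_id():
    """The remediation: a CSPRNG-backed identifier (256 random bits before encoding)."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    for name, value, findings in scan_headers(SAMPLE_HEADERS):
        status = "OK" if not findings else "WEAK: " + ", ".join(findings)
        print(f"{name}={value!r}: {status}")
    fresh = new_session_id()
    print("fresh id:", fresh, classify_cookie_value(fresh))
```

Note that the `user-1234-2024-06-01` sample scores just above the entropy threshold by the character-distribution estimate yet is still reported, because the date pattern check fires; entropy estimates alone miss structured values, which is why the scanner looks for patterns as well.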
References:
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.