Information Disclosure: Frontend Guessable Cookie Value

Identifier: guessable_cookie_value

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Using easily guessable values for cookies can make applications vulnerable to session hijacking, allowing attackers to guess valid cookie values and impersonate legitimate users.

How we test: We analyze cookie values in responses to detect if they are easily guessable, such as sequential numbers, timestamps, or predictable patterns. We check for weak entropy and patterns that indicate cookies could be guessed or predicted by attackers.
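The following is an added, illustrative example of the kind of heuristics described above; it is not the scanner's own code. It parses a handful of constructed Set-Cookie headers, flags values that are purely numeric, fall in a Unix timestamp range, follow a prefix-plus-number pattern, are short, or have low character entropy, and contrasts them with a token produced by a CSPRNG. The thresholds (16 characters, 3.0 bits per character) and the sample headers are assumptions chosen for the demonstration.

```python
import math
import re
import secrets

# Constructed sample Set-Cookie headers (not real application output).
SAMPLE_SET_COOKIE_HEADERS = [
    "sessionid=1000042; Path=/; HttpOnly",            # sequential counter
    "sid=1716239123; Path=/; Secure",                  # Unix timestamp
    "track=user-1234; Path=/",                         # predictable prefix + number
    "auth=aaaaaaaaaaaaaaaaaaaaaaaa; Path=/",           # long but near-zero entropy
    "SESSION=3fb0c4ac8e51d4b5f1e6a97d2c0b8e4fd17a52c9; Path=/; Secure; HttpOnly",  # random hex
]

# Assumed thresholds for this example; a real scanner would tune these.
MIN_LENGTH = 16
MIN_ENTROPY_BITS = 3.0


def parse_set_cookie(header: str):
    """Return (name, value) from a Set-Cookie header, ignoring attributes like Path or Secure."""
    first = header.split(";", 1)[0]
    name, _, value = first.partition("=")
    return name.strip(), value.strip()


def shannon_entropy(value: str) -> float:
    """Estimate bits of entropy per character from the value's character frequencies."""
    if not value:
        return 0.0
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_like_timestamp(value: str) -> bool:
    """True if the value is a decimal number inside a plausible Unix epoch window.

    Accepts seconds (10 digits) or milliseconds (13 digits); window is 2000-01-01 to 2100-01-01.
    """
    if not value.isdigit():
        return False
    n = int(value)
    if len(value) == 13:
        n //= 1000
    return 946684800 <= n <= 4102444800


def assess_cookie_value(value: str):
    """Return the list of reasons a cookie value is considered guessable; empty means it passes."""
    reasons = []
    if value.isdigit():
        reasons.append("purely numeric value (sequential id or counter)")
    if looks_like_timestamp(value):
        reasons.append("value falls in Unix timestamp range")
    if re.fullmatch(r"[A-Za-z_-]+\d+", value):
        reasons.append("predictable prefix plus number pattern")
    if len(value) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    elif shannon_entropy(value) < MIN_ENTROPY_BITS:
        reasons.append("low character entropy")
    return reasons


def scan_headers(headers):
    """Map each cookie name to its findings; cookies with no findings are omitted."""
    findings = {}
    for header in headers:
        name, value = parse_set_cookie(header)
        reasons = assess_cookie_value(value)
        if reasons:
            findings[name] = reasons
    return findings


def generate_session_token() -> str:
    """Mitigation: a session identifier drawn from the OS CSPRNG (256 bits, URL-safe base64)."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    for name, reasons in scan_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        print(f"{name}: {'; '.join(reasons)}")
    print("strong token passes:", assess_cookie_value(generate_session_token()) == [])
```

Running the block reports findings for `sessionid`, `sid`, `track` and `auth`, while the 40-character hex `SESSION` value and the freshly generated token pass every check. Entropy alone is not sufficient: a timestamp in hex or base64 can score well on character diversity yet still be predictable, which is why the pattern checks run before the entropy check.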

References:

Configuration

Example

Example configuration:

---
security_tests:
  guessable_cookie_value:
    skip: false

Reference

skip

Type : boolean

Skip the test if true.