CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Official CWE-384 definition at MITREImpactr finds and proves weaknesses like CWE-384 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist