
How is QID 86310 - Web Server Predictable Session ID Vulnerability detected?

Created by kb-author-1 on May 19, 2010 5:04 PM - Last modified by eschamp on Sep 2, 2010 8:59 AM

Issue:

How is QID 86310 - Web Server Predictable Session ID Vulnerability detected?

 

Solution:

This vulnerability is tested as follows:

 

1. QualysGuard sends several consecutive HTTP requests to the web server.

 

2. For each reply sent by the web server, QualysGuard collects the cookie included in the reply, for example:

"Set-Cookie: ASPSESSIONIDCBABCTAT=KPPGDIMDDMANNJHAHCBKCOJO; path=/"

 

3. After receiving all replies, and therefore collecting all the different cookies, QualysGuard examines how many of the cookie's characters (out of the total number of characters) vary from one reply to the next.

 

QID 86310 is reported if too many characters of the cookie have fixed values or do not vary enough.

 

False positives may occur when the examined cookies are not actually session IDs. The QualysGuard test is unable to tell which cookies are session IDs and which are not. It examines all cookies it finds.
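The three steps above, and the false-positive case just described, reproduced as an added example that is not part of the original article or of the QualysGuard scanner. It collects the Set-Cookie values from a constructed set of consecutive replies, measures the fraction of character positions that change from one reply to the next, and flags any cookie below an assumed threshold (the article does not state the threshold Qualys uses):

```python
import re
# Constructed sample: Set-Cookie headers from three consecutive replies. Only the
# first ASPSESSIONID value is the one quoted in the article; the rest is made up.
# "lang" is a static preference cookie, not a session ID.
SAMPLE_REPLIES = [
    ["Set-Cookie: ASPSESSIONIDCBABCTAT=KPPGDIMDDMANNJHAHCBKCOJO; path=/",
     "Set-Cookie: SESSIONID=AAAAAAAAAAAAAAAAAAAA0001; path=/",
     "Set-Cookie: lang=en; path=/"],
    ["Set-Cookie: ASPSESSIONIDCBABCTAT=QWERTYUIOPASDFGHJKLZXCVB; path=/",
     "Set-Cookie: SESSIONID=AAAAAAAAAAAAAAAAAAAA0002; path=/",
     "Set-Cookie: lang=en; path=/"],
    ["Set-Cookie: ASPSESSIONIDCBABCTAT=MNBVCXZLKJHGFDSAPOIUYTRE; path=/",
     "Set-Cookie: SESSIONID=AAAAAAAAAAAAAAAAAAAA0003; path=/",
     "Set-Cookie: lang=en; path=/"],
]
# Assumed threshold for this example; the article does not state the one Qualys uses.
MIN_VARYING_FRACTION = 0.5
SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*([^=;\s]+)=([^;]*)", re.IGNORECASE)

def parse_set_cookie(header: str) -> tuple[str, str]:
    """Return (name, value) from one Set-Cookie header line, ignoring attributes."""
    m = SET_COOKIE_RE.match(header)
    if not m:
        raise ValueError(f"not a Set-Cookie header: {header!r}")
    return m.group(1), m.group(2).strip()

def collect_cookie_values(replies: list[list[str]]) -> dict[str, list[str]]:
    """Step 2: group the cookie values by cookie name, in reply order."""
    values: dict[str, list[str]] = {}
    for headers in replies:
        for header in headers:
            name, value = parse_set_cookie(header)
            values.setdefault(name, []).append(value)
    return values

def varying_fraction(values: list[str]) -> float:
    """Step 3: fraction of character positions that change between at least one
    pair of consecutive replies (a missing character counts as a change)."""
    if len(values) < 2:
        raise ValueError("need at least two replies to measure variation")
    width = max(len(v) for v in values)
    varying = sum(1 for i in range(width)
                  if any(a[i:i + 1] != b[i:i + 1] for a, b in zip(values, values[1:])))
    return varying / width if width else 0.0

def run_check(replies, threshold=MIN_VARYING_FRACTION) -> dict[str, tuple[float, bool]]:
    """{cookie name: (varying fraction, flagged)}; every cookie is examined, so a
    static non-session cookie such as "lang" is flagged too (the false-positive case)."""
    fractions = {n: varying_fraction(v) for n, v in collect_cookie_values(replies).items()}
    return {n: (f, f < threshold) for n, f in fractions.items()}
```

Running `run_check(SAMPLE_REPLIES)` reports the ASPSESSIONID cookie as fully varying, the counter-style SESSIONID as flagged, and the static lang cookie as flagged as well, which is exactly the false positive described above.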

 

If a false positive is suspected, please contact our support team - see http://www.qualys.com/support/ for details - to open a case so our vulnerability team can investigate and make the necessary corrections.

 

Qualys Support KnowledgeBase

http://community.qualys.com/community/kb
