CWE-565
Overview
- CWE ID
- 565
- CWE Name
- Reliance on Cookies without Validation and Integrity Checking
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Extended Description
Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Reliance on cookies without detailed validation and integrity checking can allow attackers to bypass authentication, conduct injection