CWE-784

Overview
  • CWE ID: 784
  • CWE Name: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
  • CWE Abstraction: Variant
  • CWE structure: Simple
  • CWE Status: Draft
Description
The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.
Extended Description
Attackers can easily modify cookies, within the browser or by implementing the client-side code outside of the browser. Attackers can bypass protection mechanisms such as authorization and authentication by modifying the cookie to contain an expected valu
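The weakness described above, shown next to a checked form. This is an added example, not part of the CWE entry; the cookie names (user, role, sig), SERVER_KEY, the function names and the session_user argument (the identity the server holds for the session) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side key, constructed for this example; keep it in a secret store in practice.
SERVER_KEY = secrets.token_bytes(32)

def is_admin_unsafe(cookies):
    """Weak pattern: the decision rests on a value the client fully controls."""
    return cookies.get("role") == "admin"

def _tag(user, role):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different messages.
    msg = f"{len(user)}:{user}|{len(role)}:{role}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_cookies(user, role):
    """Called at login, after the server has looked up the user's real role."""
    return {"user": user, "role": role, "sig": _tag(user, role)}

def is_admin_checked(cookies, session_user):
    """Accept the role only if the tag verifies and the cookie is this user's."""
    user = cookies.get("user", "")
    role = cookies.get("role", "")
    sig = cookies.get("sig", "")
    if not hmac.compare_digest(sig.encode(), _tag(user, role).encode()):
        return False  # integrity check failed: altered or not issued by the server
    if user != session_user:
        return False  # genuine cookie, but issued to a different user
    return role == "admin"

def demo():
    issued = issue_cookies("alice", "user")   # constructed sample values
    altered = dict(issued, role="admin")      # role changed on the client side
    bob_admin = issue_cookies("bob", "admin")
    return {
        "unsafe_altered": is_admin_unsafe(altered),
        "checked_altered": is_admin_checked(altered, "alice"),
        "checked_real_admin": is_admin_checked(bob_admin, "bob"),
        "checked_other_user": is_admin_checked(bob_admin, "alice"),
    }

if __name__ == "__main__":
    print(demo())
```

The two checks in is_admin_checked map to the two halves of the description: integrity of the cookie value, and validity of the cookie for the associated user.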
Related CWEs
CWE ID   View ID   Nature    Ordinal
807      1000      ChildOf
565      1000      ChildOf   Primary