Multiphase Process Bypass via Session Puzzling
Also Known As:
Session Variable Overloading
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can abuse hardcoded default session values, or multiple components that rely on identical session attributes, to bypass the authentication enforcement mechanism through abnormal access sequences. Flow-oriented session puzzling attacks perform multiple multiphase processes that rely on similar session flags simultaneously, using forced browsing in customized sequences. They usually do not rely on session poisoning and are therefore harder to identify in web application firewalls.
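The shared-flag weakness described above, next to a hardened form that binds the flag to its own process, as an added example that is not part of the original page. The flow names ("signup", "recovery"), the session keys and the dict standing in for the server-side session store are all assumptions made for illustration.

```python
# Constructed model: a plain dict stands in for the server-side session store.
# Flow names and session keys are hypothetical, chosen for this example only.

def weak_step1(session, flow, passed_check):
    """Phase 1 of any flow: records success in ONE flag shared by every flow."""
    if passed_check:
        session["step1_ok"] = True


def weak_step2(session, flow):
    """Phase 2: trusts the shared flag, so it cannot tell which flow set it."""
    return session.get("step1_ok") is True


def hard_step1(session, flow, passed_check):
    """Phase 1: discards stale state, then records WHICH flow passed."""
    session.pop("phase", None)
    if passed_check:
        session["phase"] = {"flow": flow, "done": 1}


def hard_step2(session, flow):
    """Phase 2: needs phase 1 of the SAME flow; state is consumed on use."""
    state = session.pop("phase", None)
    return state == {"flow": flow, "done": 1}


def cross_flow_allowed(step1, step2):
    """Complete phase 1 of 'signup', then request phase 2 of 'recovery'."""
    session = {}
    step1(session, "signup", passed_check=True)
    return step2(session, "recovery")


def same_flow_allowed(step1, step2):
    """The legitimate sequence: both phases of 'recovery', in order."""
    session = {}
    step1(session, "recovery", passed_check=True)
    return step2(session, "recovery")


if __name__ == "__main__":
    for name, s1, s2 in (("weak", weak_step1, weak_step2),
                         ("hardened", hard_step1, hard_step2)):
        print(name, "cross-flow accepted:", cross_flow_allowed(s1, s2),
              "| same-flow accepted:", same_flow_allowed(s1, s2))
```

Every request in the weak case is individually well-formed and only the order is abnormal, which is why the check has to live in the application's session logic rather than in request filtering.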