Cobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V3 - Session Management

Session token predictable / low entropy

POC

  1. Perform a standard request on the application (log in, or otherwise obtain a session) and capture the session token from the Set-Cookie header or the response body; repeat to collect a sample of tokens, ideally issued close together.
  2. Observe that the token can be decoded to its components (for example a user ID, a timestamp or a counter), predicted from previously issued tokens, or brute-forced because its effective entropy is far below the 64 bits that OWASP recommends as a minimum for session identifiers.
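The checks above, as an added Python example that is not part of the Cobalt wiki or any Cobalt tooling: it samples two constructed session issuers (a hypothetical weak one that base64url-encodes `user_id:issue_time:counter`, and a CSPRNG-backed one) and runs the three tests a pentester would apply to a captured sample, namely whether the token decodes to readable structure, whether a numeric field simply counts up, and how many bits of entropy the sample actually shows. The sample inputs, class and function names are all assumptions made for the example.

```python
"""Added example (not Cobalt's code): sample a session-token issuer and test its
tokens for the weaknesses this finding describes. Both issuers are constructed."""
import base64
import math
import re
import secrets
from collections import Counter
from typing import List, Optional


class WeakSessionIssuer:
    """Hypothetical issuer: token = base64url(user_id:issue_time:counter).
    Nothing in it is secret, so the next token is guessable from the last one."""

    def __init__(self, first_counter: int = 1000) -> None:
        self.counter = first_counter

    def issue(self, user_id: int, issue_time: int) -> str:
        self.counter += 1
        raw = f"{user_id}:{issue_time}:{self.counter}".encode()
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def strong_issue() -> str:
    """Hardened issuer: 32 bytes from the OS CSPRNG (256 bits), base64url-encoded."""
    return secrets.token_urlsafe(32)


def try_decode(token: str) -> Optional[bytes]:
    """Base64url-decode a token and return the payload only if it is mostly
    printable text (what an encoded user_id/timestamp structure looks like).
    Random bytes practically never pass this check."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)
    except (ValueError, TypeError):
        return None
    if not raw:
        return None
    printable = sum(32 <= b < 127 for b in raw)
    return raw if printable >= 0.9 * len(raw) else None


def increasing_fields(payloads: List[bytes]) -> List[int]:
    """Indices of numeric fields that strictly increase across consecutive
    samples (timestamps, counters): each one is a predictor for the next token."""
    fields = [re.findall(rb"\d+", p) for p in payloads]
    n_fields = min(len(f) for f in fields)
    found = []
    for idx in range(n_fields):
        vals = [int(f[idx]) for f in fields]
        if all(b > a for a, b in zip(vals, vals[1:])):
            found.append(idx)
    return found


def positional_entropy_bits(tokens: List[str]) -> float:
    """Sum over character positions of the Shannon entropy seen in the sample.
    This is a sample estimate, not a proof: one position can never show more
    than log2(len(tokens)) bits, so collect a few hundred tokens before judging."""
    n = len(tokens)
    length = min(len(t) for t in tokens)
    total = 0.0
    for i in range(length):
        counts = Counter(t[i] for t in tokens)
        total += -sum(c / n * math.log2(c / n) for c in counts.values())
    return total


def assess(tokens: List[str], min_bits: float = 64.0) -> dict:
    """Run the three checks. min_bits follows the OWASP guidance of at least
    64 bits of entropy in a session identifier."""
    decoded = [try_decode(t) for t in tokens]
    decodable = all(d is not None for d in decoded)
    counters = increasing_fields(decoded) if decodable else []
    bits = positional_entropy_bits(tokens)
    return {
        "decodable": decodable,
        "increasing_fields": counters,
        "entropy_bits_estimate": round(bits, 1),
        "weak": decodable or bool(counters) or bits < min_bits,
    }


def sample_weak(n: int = 200, user_id: int = 42, start_time: int = 1_700_000_000) -> List[str]:
    """Constructed sample: n tokens for one user, issued one second apart."""
    issuer = WeakSessionIssuer()
    return [issuer.issue(user_id, start_time + i) for i in range(n)]


def sample_strong(n: int = 200) -> List[str]:
    """Constructed sample of n CSPRNG tokens for comparison."""
    return [strong_issue() for _ in range(n)]


if __name__ == "__main__":
    print("weak  :", assess(sample_weak()))
    print("strong:", assess(sample_strong()))
```

Against a real target, replace `sample_weak()` with the list of tokens captured from the Set-Cookie headers; the entropy figure is only meaningful once the sample is large enough that the per-position cap of log2(sample size) bits is not what limits it, which is also why tools such as Burp Sequencer ask for several hundred tokens before reporting.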

Impact

Low

Likelihood

Low