Weak Session IDs
Objective
This module uses four different ways to set the dvwaSession cookie value, the objective of each level is to work out how the ID is generated and then infer the IDs of other system users.
Security Level: Low
The cookie value should be very obviously predictable.
Let's inspect the page and check for the cookies.
As we can see, the dvwaSession
cookie is set to 1. Let's click on the Generate
button and check what happens.
The dvwaSession
cookie is now set to 1. Now we know that the application increments the cookie every time the user clicks on the Generate
button.
We could also check the provided source code to be sure.
Security Level: Medium
The value looks a little more random than on low but if you collect a few you should start to see a pattern.
In this level the value of the dvwaSession
cookie increments by 1 the first we click the button and then by 2.
This process is repeated as many times as the user clicks the button.