SFP Secondary Cluster: Insecure Session Management
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Insecure Session Management cluster.
The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session.
The J2EE application is configured to use an insufficient session ID length.
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).