Cornucopia - Ecommerce Website - SM 4
Suit: Session management
Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently.
There may be reasons to share sessions across multiple applications, but if one of those applications is less secure it might be used to compromise another.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|