DLT Labs
Published in DLT Labs

What is a Session Puzzling attack?

Session Puzzles are application-level vulnerabilities that can be exploited by overriding session attributes. The technique is also referred to as ‘Session Variable Overloading.’

We observe this vulnerability when the same session variable is used for more than one purpose, which makes it possible to grant access to pages in an order that is unanticipated by developers, whereby a session variable set in one…
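The overloading described above, as an added example that is not from the original article: a plain dict stands in for the server-side session, and the handler names, session keys and user store are hypothetical. The vulnerable handlers share one key between password recovery and login; the fixed ones use one key per purpose plus an explicit authentication flag.

```python
# Added illustration; handler names, session keys and the user store are hypothetical.
USERS = {"alice": "correct-horse"}  # constructed sample data


def forgot_password_vulnerable(session, username):
    """Recovery step 1: remembers which account is being recovered."""
    if username in USERS:
        session["user"] = username  # same key the login handler uses
    return "Check your e-mail for a reset link"


def login_vulnerable(session, username, password):
    if USERS.get(username) == password:
        session["user"] = username
        return True
    return False


def dashboard_vulnerable(session):
    # Treats the mere presence of "user" as proof of authentication.
    return f"Welcome {session['user']}" if "user" in session else "401"


# Hardened: one key per purpose, plus an explicit authentication flag.
def forgot_password_fixed(session, username):
    if username in USERS:
        session["recovery_user"] = username  # never read by access checks
    return "Check your e-mail for a reset link"


def login_fixed(session, username, password):
    if USERS.get(username) == password:
        session.clear()  # drop attributes left over from other flows
        session["auth_user"] = username
        session["authenticated"] = True
        return True
    return False


def dashboard_fixed(session):
    if session.get("authenticated") is True and "auth_user" in session:
        return f"Welcome {session['auth_user']}"
    return "401"


def visit_out_of_order(forgot, dashboard):
    """Replay the unanticipated page order: recovery page, then dashboard."""
    session = {}
    forgot(session, "alice")
    return dashboard(session)
```

When reviewing an application for this weakness, list every place each session key is written and every place it is read as an access decision; any key written by an unauthenticated flow and read by a protected page is a candidate.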
