
Session Persistence Is Exploited

CCC.LB.TH04

Improper session-affinity settings can enable session fixation or hijacking across backend targets.

Related Capabilities

| ID | Title | Description |
|---|---|---|
| CCC.LB.CP15 | Session Affinity | Can configure subsequent requests from an initial client to be passed to the same target. |

Related Controls

| ID | Title | Description |
|---|---|---|
| CCC.LB.CN05 | Validate Session Affinity | Configure session persistence to minimise fixation and hijacking risks. |

External Mappings

| Framework | ID | Remarks |
|---|---|---|
| MITRE-ATT&CK | T1078 | |
| MITRE-ATT&CK | T1557 | |