Documentation - V-206400

V-206400

Web Server Security Requirements Guide

CAT II

Title

The web server must generate unique session identifiers that cannot be reliably reproduced.

Description

<VulnDiscussion>Communication between a client and the web server is done using the HTTP protocol, but HTTP is a stateless protocol. In order to maintain a connection or session, a web server will generate a session identifier (ID) for each client session when the session is initiated. The session ID allows the web server to track a user session and, in many cases, the user, if the user previously logged into a hosted application. By being able to guess session IDs, an attacker can easily perfo...

Fix Text (Documentation Requirement)

Configure the web server to generate random and unique session identifiers that cannot be reliably reproduced.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel