Authentication Token Theft

high

token-theft

Attacker steals authentication tokens to impersonate users or gain unauthorized access

SpoofingElevation of Privilege

MITRE ATT&CK techniques

ID	Name	Tactic
T1528	Steal Application Access Token	Credential Access
T1539	Steal Web Session Cookie	Credential Access

Common Weakness Enumeration

CWE-522

Mitigating controls

ctrl-token-1: Use short-lived tokens with automatic refresh
ctrl-token-2: Implement token binding to client attributes
ctrl-token-3: Store tokens securely (HttpOnly, Secure cookies)
ctrl-token-4: Implement token revocation mechanisms
ctrl-token-5: Monitor for token reuse from multiple locations

References

https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html