Name |
Evercookie |
|
Likelyhood of attack |
Typical severity |
High |
Medium |
|
Summary |
An attacker creates a very persistent cookie that stays present even after the user thinks it has been removed. The cookie is stored on the victim's machine in over ten places. When the victim clears the cookie cache via traditional means inside the browser, that operation removes the cookie from certain places but not others. The malicious code then replicates the cookie from all of the places where it was not deleted to all of the possible storage locations once again. So the victim again has the cookie in all of the original storage locations. In other words, failure to delete the cookie in even one location will result in the cookie's resurrection everywhere. The evercookie will also persist across different browsers because certain stores (e.g., Local Shared Objects) are shared between different browsers. |
Prerequisites |
The victim's browser is not configured to reject all cookiesThe victim visits a website that serves the attackers' evercookie |
Solutions | Design: Browser's design needs to be changed to limit where cookies can be stored on the client side and provide an option to clear these cookies in all places, as well as another option to stop these cookies from being written in the first place. Design: Safari browser's private browsing mode is currently effective against evercookies. |
Related Weaknesses |
CWE ID
|
Description
|
CWE-359 |
Exposure of Private Personal Information to an Unauthorized Actor |
|
Related CAPECS |
CAPEC ID
|
Description
|
CAPEC-554 |
An adversary attacks a system by bypassing some or all functionality intended to protect it. Often, a system user will think that protection is in place, but the functionality behind those protections has been disabled by the adversary. |
|
Taxonomy: ATTACK |
Entry ID
|
Entry Name
|
1606.001 |
Forge Web Credentials: Web Cookies |
|