Additional threats

• Session hijacking – essentially auth bypass

• • Sessions that are restricted based on IP address are vulnerable to spoofing
  • Sessions that use cookies can have cookies stolen via XSS or other means
  • Sensitive sessions (that allow config changes for example) should be fairly short-lived

• Denial of service – crashing the device or otherwise interfering with normal functioning