Training Camp • Cybersecurity Glossary
Pass-the-Cookie Attack Definition: A pass-the-cookie attack steals authenticated session cookies to hijack a user's session and bypass passwords and MFA without re-authenticating.
A pass-the-cookie attack is a session hijacking technique in which an attacker steals a browser's authentication session cookie and imports it into their own browser to impersonate the victim. Because the cookie represents an already-authenticated session, this lets the attacker bypass passwords and multi-factor authentication entirely. Stolen cookies are typically harvested via infostealer malware, cross-site scripting, or man-in-the-middle proxies, and are mapped in MITRE ATT&CK as Web Session Cookie theft (T1539).
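From the defender's side, the replay described above shows up as a session ID being used by a client other than the one that completed authentication. The Python below is an added example, not part of the original glossary entry; the log format, the `login_mfa_ok` event name and the severity labels are assumptions, and the log lines are constructed.

```python
import csv
import io

# Constructed sample access log (assumed format): time, session id, source IP, user agent, event.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z,sess-A,198.51.100.10,Firefox/125 Windows,login_mfa_ok
2024-05-01T09:05:00Z,sess-A,198.51.100.10,Firefox/125 Windows,request
2024-05-01T09:20:00Z,sess-A,203.0.113.77,Chrome/124 Linux,request
2024-05-01T10:00:00Z,sess-B,198.51.100.22,Safari/17 macOS,login_mfa_ok
2024-05-01T10:30:00Z,sess-B,192.0.2.5,Safari/17 macOS,request
2024-05-01T11:00:00Z,sess-C,203.0.113.9,Edge/124 Windows,request
"""

RANK = {"low": 0, "high": 1}

def find_cookie_reuse(log_text):
    """Return sorted (session_id, severity, reason) for sessions used outside their login context."""
    bound = {}     # session id -> (ip, user_agent) recorded when authentication completed
    findings = {}  # session id -> (severity, reason); only the most severe is kept

    def report(sid, severity, reason):
        if sid not in findings or RANK[severity] > RANK[findings[sid][0]]:
            findings[sid] = (severity, reason)

    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        _ts, sid, ip, ua, event = row
        if event == "login_mfa_ok":
            bound[sid] = (ip, ua)  # a fresh authentication (re)binds the session
        elif sid not in bound:
            # Could be a session older than the log window, so only "low".
            report(sid, "low", "session used with no login in the log window")
        elif ua != bound[sid][1]:
            report(sid, "high", "user agent differs from the authenticated client")
        elif ip != bound[sid][0]:
            # Same browser on a new network (VPN, mobile roaming) is common.
            report(sid, "low", "source IP changed, same user agent")
    return sorted((sid, sev, why) for sid, (sev, why) in findings.items())

if __name__ == "__main__":
    for finding in find_cookie_reuse(SAMPLE_LOG):
        print(finding)
```

User-agent strings are client-supplied and can be copied along with the cookie, so a match on this check does not prove the session is legitimate.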