Hi Johan Flikweert,
Privilege Escalation via Cookie/Token Manipulation and the Use of Weak Hashing Algorithms are categorized under penetration testing. Penetration testing is a professional security assessment that simulates real-world attack scenarios to identify vulnerabilities within systems and networks.
Typically, vulnerabilities discovered during such assessments are classified as High, Medium, or Low based on their threat level—particularly the type and sensitivity of data that could be accessed from the hosting environment.
In our case, the application is hosted on-premises using IIS (Internet Information Services).
You mentioned the risk of cookie theft — could you please share your suggestions on how to prevent it?
Thank you