You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Server-->>Client: Respond with session ID (persistent session created)
181
+
182
+
Attacker->>Server: Access/guess session ID
183
+
Note right of Attacker: Attacker knows/guesses session ID
184
+
185
+
Attacker->>Server: Make API call (using session ID, no re-auth)
186
+
Server-->>Attacker: Respond as if Attacker is Client (session hijack)
187
+
```
188
+
189
+
#### 2.3.3 Attack Description
190
+
191
+
In horizontally scaled stateful streamable HTTP servers, the following are possible:
192
+
193
+
1. Session Highjack Prompt Injection
194
+
1. The client connects to Server A and receives a session ID.
195
+
2. The attacker guesses or accesses the session ID and sends a malicious event to Server B, using the session ID.
196
+
3. Server B enqueues the event (keyed by session ID) into a shared queue.
197
+
4. Server A polls the queue for events using the session ID and retrieves the malicious payload.
198
+
5. Server A sends the malicious payload to the client as an asynchronous response.
199
+
6. The client receives and acts on the malicious payload, potentially leading to compromise.
200
+
2. Session Impersonation Hijack
201
+
1. The client authenticates with the server, which creates a persistent session and returns a session ID.
202
+
2. The attacker guesses or accesses the session ID.
203
+
3. The attacker makes API calls to the server using the stolen session ID.
204
+
4. The server does not re-authenticate the request and treats the attacker as the legitimate user, allowing unauthorized access or actions.
205
+
206
+
#### 2.3.4 Mitigation
207
+
208
+
To prevent session hijacking and event injection attacks, the following mitigations should be implemented:
209
+
210
+
HTTP servers **MUST** authenticate All Requests.
211
+
Ensure that every request is authenticated. HTTP MCP Servers **MUST NOT** use sessions for authentication.
212
+
213
+
HTTP servers **MUST** use secure, unpredictable session IDs.
214
+
Generate session IDs using secure random generators, such as cryptographically secure UUIDs. Avoid predictable or sequential session identifiers that could be guessed by an attacker.
215
+
216
+
HTTP servers **SHOULD** bind session keys to user-specific information.
217
+
When storing or transmitting session-related data (e.g., in a queue), combine the session ID with information unique to the authenticated user, such as their internal user ID. For example, use a key format like `<user_id>:<session_id>`. This ensures that even if an attacker guesses a session ID, they cannot impersonate another user as the user ID is derived from authentication of the user token, and not provided by the client.
218
+
219
+
HTTP servers can optionally leverage additional unique identifiers.
220
+
Consider incorporating other unique attributes, such as the source IP address, into the session key. This adds another layer of defense, making it more difficult for attackers to hijack sessions from different locations.
0 commit comments