Category:Attack Categorisation By Attacker Model: Access to Valid Token
From Single Sign-On Attacks
The attacker knows the component for identification and authentication of the user. The goal in this class of attacks is to expand the rights provided by the given token. Using of Cross-Site-Scripting (XSS) attack the malefactor can obtain a token.