An attacker manipulates an existing credential in order to gain access to
						a target application. Session credentials allow users to identify themselves
						to a service after an initial authentication without needing to resend the
						authentication information (usually a username and password) with every
						message. An attacker may be able to manipulate a credential sniffed from an
						existing connection in order to gain access to a target server. For example,
						a credential in the form of a web cookie might have a field that indicates
						the access rights of a user. By manually tweaking this cookie, a user might
						be able to increase their access rights to the server. Alternately an
						attacker may be able to manipulate an existing credential to appear as a
						different user. This attack differs from falsification through prediction in
						that the user bases their modified credentials off existing credentials
						instead of using patterns detected in prior credentials to create a new
						credential that is accepted because it fits the pattern. As a result, an
						attacker may be able to impersonate other users or elevate their permissions
						to a targeted service.