What is the type of web application threat demonstrated by hijacking a user's credentials to impersonate them?

Study for the EC-Council Digital Forensics Essentials (DFE) Test. Enhance your skills with multiple choice questions, each with detailed hints and explanations. Get ready to ace your exam!

Authentication hijacking is a type of web application threat where an attacker takes control of a user's authentication session to impersonate that user. This can occur when login credentials, session tokens, or cookies are stolen or manipulated, allowing the attacker to gain unauthorized access to the user's account. This threat is particularly concerning in web applications because it can compromise sensitive information, lead to unauthorized actions, and exploit the trust between the user and the application.

By targeting authentication mechanisms, attackers can bypass security controls designed to protect users. This highlights the importance of strong authentication processes, such as multi-factor authentication, in mitigating such risks.

In this context, the other options do not accurately describe this threat. Session fixation involves forcing a user to use a specific session identifier that the attacker can then exploit. Cross-site scripting (XSS) allows attackers to inject malicious scripts into webpages viewed by other users but does not inherently involve impersonating a user through credential hijacking. Malware infection typically refers to malicious software designed to compromise systems, rather than directly stealing authentication credentials. Thus, authentication hijacking is the best description of this threat.
