A Forged Cookie is a maliciously crafted HTTP cookie designed to impersonate valid users without knowledge of their password. A forged cookie can allow an attacker to bypass authentication no matter how complex the password is and in some cases can bypass multifactor authentication.