Search
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3144 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2023-12-21 | 7.5 HIGH | 9.1 CRITICAL |
| In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.) | |||||
| CVE-2023-49091 | 1 Cosmos-cloud | 1 Cosmos Server | 2023-12-08 | N/A | 9.8 CRITICAL |
| Cosmos provides users the ability self-host a home server by acting as a secure gateway to your application, as well as a server manager. Cosmos-server is vulnerable due to to the authorization header used for user login remaining valid and not expiring after log out. This vulnerability allows an attacker to use the token to gain unauthorized access to the application/system even after the user has logged out. This issue has been patched in version 0.13.0. | |||||
| CVE-2023-5865 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-11-09 | N/A | 9.8 CRITICAL |
| Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | |||||
| CVE-2023-40174 | 1 Fobybus | 1 Social-media-skeleton | 2023-08-23 | N/A | 9.8 CRITICAL |
| Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-4005 | 1 Fossbilling | 1 Fossbilling | 2023-08-03 | N/A | 9.8 CRITICAL |
| Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. | |||||
| CVE-2022-22317 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. | |||||
| CVE-2022-22318 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2022-06-28 | 6.5 MEDIUM | 9.8 CRITICAL |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2022-24042 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2022-05-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization. | |||||
| CVE-2021-25992 | 1 If-me | 1 Ifme | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks. | |||||
| CVE-2021-22820 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2 ), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2) | |||||
| CVE-2021-25981 | 1 Talkyard | 1 Talkyard | 2022-01-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks) | |||||
| CVE-2021-35034 | 1 Zyxel | 2 Nbg6604, Nbg6604 Firmware | 2022-01-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attacker to access the device if the correct token can be intercepted. | |||||
| CVE-2020-27416 | 1 Mahadiscom | 1 Mahavitaran | 2021-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. | |||||
| CVE-2021-42545 | 1 Business-dnasolutions | 1 Topease | 2021-12-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. | |||||
| CVE-2021-36330 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | |||||
| CVE-2021-25985 | 1 Darwin | 1 Factor | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an attacker to steal and reuse the cookies using techniques such as XSS attacks, followed by a local account takeover. | |||||
| CVE-2021-25979 | 1 Apostrophecms | 1 Apostrophecms | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. | |||||
| CVE-2020-15269 | 1 Sparksolutions | 1 Spree | 2021-11-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory. | |||||
| CVE-2021-40849 | 1 Mahara | 1 Mahara | 2021-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services token is vulnerable to being exploited and logged into, resulting in information disclosure (at a minimum) and often escalation of privileges. | |||||
| CVE-2021-24019 | 1 Fortinet | 1 Forticlient Endpoint Management Server | 2021-10-14 | 7.5 HIGH | 9.8 CRITICAL |
| An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2021-41100 | 1 Wire | 1 Wire-server | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long lived tokens, after which the long lived tokens can be stored securely, for example on the devices key chain. The short lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per-se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the databse from the one used to contact the user outside wire. Version 2021-08-16 and later provide a new end-point that requires both the long-lived client cookie and `Authorization` header. The old end-point has been removed. If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used. | |||||
| CVE-2021-37333 | 1 Bookingcore | 1 Booking Core | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser. | |||||
| CVE-2021-38823 | 1 Icehrm | 1 Icehrm | 2021-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser. | |||||
| CVE-2015-5171 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 7.5 HIGH | 9.8 CRITICAL |
| The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | |||||
| CVE-2019-11168 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | |||||
| CVE-2020-35358 | 1 Domainmod | 1 Domainmod | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality. | |||||
| CVE-2021-3311 | 1 Octobercms | 1 October | 2021-03-15 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker. | |||||
| CVE-2020-6649 | 1 Fortinet | 1 Fortiisolator | 2021-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| An insufficient session expiration vulnerability in FortiNet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks) | |||||
| CVE-2020-29667 | 1 Lanatmservice | 1 M3 Atm Monitoring System | 2020-12-14 | 10.0 HIGH | 9.8 CRITICAL |
| In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration. | |||||
| CVE-2020-27422 | 1 Anuko | 1 Time Tracker | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. | |||||
| CVE-2016-11014 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | |||||
| CVE-2020-27739 | 1 Citadel | 1 Webcit | 2020-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | |||||
| CVE-2020-8234 | 1 Ui | 12 Edgemax Firmware, Ep-s16, Es-12f and 9 more | 2020-08-31 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection. | |||||
| CVE-2019-8149 | 1 Magento | 1 Magento | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id that will not be invalidated by subsequent authentication. | |||||
| CVE-2020-17474 | 1 Zkteco | 3 Facedepot 7b, Facedepot 7b Firmware, Zkbiosecurity Server | 2020-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to create arbitrary new users, elevate users to administrators, delete users, and download user faces from the database. | |||||
| CVE-2014-2595 | 1 Barracuda | 1 Web Application Firewall | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string. | |||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | |||||
| CVE-2018-21018 | 1 Joinmastodon | 1 Mastodon | 2019-09-23 | 7.5 HIGH | 9.8 CRITICAL |
| Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions. | |||||
| CVE-2016-5069 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2017-04-14 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL. | |||||