CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.3%
From issue:
Problem description
Currently, the refresh token is valid indefinitely. This is bad security practice.
Desired solution
The refresh token should get a validity of 24-48 hours.
Additional context
When implementing this, also check that the refresh token returns a new refresh token
When implementing this, also adapt the UI so that it logs out if refresh token is no longer valid.
When implementing this, ensure that nodes refresh their token periodically so that they do not have to be restarted manually.
None available
None available