Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrNehalr777CA428C31-858D-47FA-ADC9-2A59F8E8B2B1
HistorySep 29, 2022 - 7:00 p.m.

Session does not expire on password reset

2022-09-2919:00:03
nehalr777
www.huntr.dev
7
session
password reset
browser.

EPSS

0.002

Percentile

57.1%

JSON

Description

On changing password both session using which user changes password and old sessions in any other browser or device does not expire and remains active

Proof of Concept

1.Go to https://rdiffweb-dev.ikus-soft.com/login/ and login into same account using browser A and B
2.From Browser B  change password associated with your account
3.Notice that Session on Browser A will remain active and does not expire.

Related

veracode 1
osv 3
cvelist 1
nvd 1
cve 1
github 1
prion 1
veracode
veracode
Improper Session Management
2022-11-16 03:15:21
osv
osv
rdiffweb vulnerable to Insufficient Session Expiration
2022-11-15 12:00:17
PYSEC-2022-43000
2022-11-14 21:15:00
CVE-2022-3362
2022-11-14 21:15:16
cvelist
cvelist
CVE-2022-3362 Insufficient Session Expiration in ikus060/rdiffweb
2022-11-14 00:00:00
nvd
nvd
CVE-2022-3362
2022-11-14 21:15:16
cve
cve
CVE-2022-3362
2022-11-14 21:15:16
github
github
rdiffweb vulnerable to Insufficient Session Expiration
2022-11-15 12:00:17
prion
prion
Session fixation
2022-11-14 21:15:00

EPSS

0.002

Percentile

57.1%

JSON
Related for CA428C31-858D-47FA-ADC9-2A59F8E8B2B1
veracode1osv3cvelist1nvd1cve1github1prion1