huntr report D27D232B-2578-4B32-B3B4-74AABDADF629
Aug 16, 2022 - 8:12 a.m.

Insufficient Session Expiration

0xcybery
www.huntr.dev

EPSS: 0.0004 (Low), percentile 12.9%

Description

Insufficient Session Expiration occurs when an application keeps accepting old session credentials or session IDs for authorization after they should have been invalidated. Here, sessions issued to an OctoPrint user remain valid after that user changes their password, so anyone holding a previously issued session (for example after a credential leak or a shared browser) keeps access even though the password was changed.

Proof of Concept

Steps to reproduce
1- Log in to http://127.0.0.1:5000/login/ (OctoPrint).
2- Open an incognito tab or a second browser and log in as the same user.
3- In the first browser, change the user's password and log in again with the new password.
4- The session from step 2 is still valid. A password change should invalidate every other session belonging to that user.
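The following is an added, self-contained model of the behaviour described in the steps above; it is example code written for this page, not OctoPrint's own session or user code. It keeps a tiny in-memory user and session store so the four reproduction steps can be replayed offline, once with sessions that ignore password changes (the reported behaviour) and once with sessions bound to a per-user password version counter, so that any session issued before a password change is rejected afterwards. Usernames, passwords and the `bind_sessions_to_password` switch are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets


class User:
    """One account: salted PBKDF2 hash plus a counter bumped on every password change."""

    def __init__(self, name, password):
        self.name = name
        self.salt = os.urandom(16)
        self.digest = self._derive(password, self.salt)
        self.password_version = 0  # every change_password() call increments this

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def check(self, password):
        return hmac.compare_digest(self.digest, self._derive(password, self.salt))

    def set_password(self, new_password):
        self.salt = os.urandom(16)
        self.digest = self._derive(new_password, self.salt)
        self.password_version += 1


class SessionStore:
    """bind_sessions_to_password=False reproduces the report; True is the fixed behaviour."""

    def __init__(self, bind_sessions_to_password):
        self.bind = bind_sessions_to_password
        self.users = {}
        self.sessions = {}  # session id -> (username, password_version at login)

    def add_user(self, name, password):
        self.users[name] = User(name, password)

    def login(self, name, password):
        user = self.users.get(name)
        if user is None or not user.check(password):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (name, user.password_version)
        return sid

    def is_valid(self, sid):
        record = self.sessions.get(sid)
        if record is None:
            return False
        name, version_at_login = record
        user = self.users.get(name)
        if user is None:
            return False
        if self.bind and version_at_login != user.password_version:
            # Password changed after this session was issued: treat it as expired.
            del self.sessions[sid]
            return False
        return True

    def change_password(self, sid, old_password, new_password):
        if not self.is_valid(sid):
            return False
        name, _ = self.sessions[sid]
        user = self.users[name]
        if not user.check(old_password):  # re-authenticate before a sensitive change
            return False
        user.set_password(new_password)
        if self.bind:
            # Keep only the session that made the change, re-bound to the new version;
            # every other session for this user is dropped immediately.
            self.sessions = {sid: (name, user.password_version)}
        return True


def old_session_survives_password_change(bind_sessions_to_password):
    """Replay the four PoC steps; True means the second session is still accepted (the bug)."""
    store = SessionStore(bind_sessions_to_password)
    store.add_user("alice", "old-password")            # constructed test account
    first = store.login("alice", "old-password")       # step 1: first browser
    second = store.login("alice", "old-password")      # step 2: incognito / second browser
    assert store.change_password(first, "old-password", "new-password")  # step 3
    store.login("alice", "new-password")               # step 3: log in again
    return store.is_valid(second)                      # step 4: is the old session still valid?


if __name__ == "__main__":
    print("unbound sessions, old session still valid:", old_session_survives_password_change(False))
    print("bound sessions, old session still valid:  ", old_session_survives_password_change(True))
```

The version counter is the part that matters: with it, a session only has to carry the password version that was current when it was issued, so the same check works for signed-cookie sessions that keep no server-side state, which is the model Flask-based applications such as OctoPrint use. Dropping the other sessions from the store on change is a second, stateful layer for deployments that do keep a server-side session table.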

