Lucene search
GoogleOSV:CVE-2021-3311HistoryFeb 05, 2021 - 2:15 p.m.
CVE-2021-3311
2021-02-0514:15:19
Google
osv.dev
6
An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an attacker.
Related
osv
osv
October CMS Session ID not invalidated after logout
2021-02-10 02:32:35
nvd
nvd
CVE-2021-3311
2021-02-05 14:15:19
github
github
October CMS Session ID not invalidated after logout
2021-02-10 02:32:35
cve
cve
CVE-2021-3311
2021-02-05 14:15:19
veracode
veracode
Insecure Session Management
2021-02-11 03:57:54
cvelist
cvelist
CVE-2021-3311
2021-02-05 04:47:53
prion
prion
Authentication flaw
2021-02-05 14:15:00