Lucene search
PRIOn knowledge basePRION:CVE-2022-21652HistoryJan 05, 2022 - 8:15 p.m.
Design/Logic Flaw
2022-01-0520:15:00
PRIOn knowledge base
www.prio-n.com
4
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account can’t be used to login with said account. This also means, that upon a password change, all existing sessions for a given customer account are automatically considered invalid. There is no workaround for this issue.
Related
cve
cve
CVE-2022-21652
2022-01-05 20:15:08
cnvd
cnvd
Shopware Trust Management Issue Vulnerability
2022-01-06 00:00:00
cvelist
cvelist
CVE-2022-21652 Insufficient Session Expiration in shopware
2022-01-05 19:20:18
veracode
veracode
Insecure Session Management
2022-01-06 04:17:28
osv
osv
Insufficient Session Expiration in shopware
2022-01-06 23:49:17
nvd
nvd
CVE-2022-21652
2022-01-05 20:15:08
github
github
Insufficient Session Expiration in shopware
2022-01-06 23:49:17