216 matches found
CVE-2023-51772
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...
One Identity Password Manager Kiosk Escape Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Kiosk Escape Privilege Escalation product: One Identity Password Manager Secure Password Extension vulnerable version: 5.13.1 fixed version: 5.13.1 CVE number:...
Users receive error "Try again after some time or contact your help desk" at login
While accessing ADC Gateway or Authentication page, in certain conditions users received one of these two errors: "Try again after some time or contact your help desk". "Malformed assertion sent to Netscaler" Users redirected to Login page. To validate this is the cause, you can check ADC syslogs...
PT-2023-27306 · Unknown · Social Media Skeleton
Name of the Vulnerable Software and Affected Versions: Social media skeleton versions prior to 1.0.5 Description: Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue...
Insufficient Session Expiration
Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This can allow an attacker to hijack the user's session and gain unauthorized access to the application. The web application m...
DEBIAN-CVE-2022-37186
In LemonLDAP::NG before 2.0.15. some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically...
SUSE CVE-2013-4958
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation...
SUSE CVE-2021-22136
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...
PT-2023-13521 · Unknown · Lemonldap::Ng
Name of the Vulnerable Software and Affected Versions: LemonLDAP::NG versions prior to 2.0.15 Description: The issue occurs when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically, resulting in some sessions not bein...
Security Bulletin: IBM Sterling Connect:Direct Browser user interface has multiple vulnerabilities (CVE-2013-0527 and CVE-2013-0529)
Abstract IBM Sterling Connect:Direct Browser is vulnerable to two information disclosure attacks. Content VULNERABILITY DETAILS: CVE ID : CVE-2013-0527 DESCRIPTION: IBM Sterling Connect:Direct Browser is vulnerable to unauthorized information disclosure as a result of C:D Browser pages being left...
Security Bulletin: Cúram Social Program Management is affected by session timeout issues (CVE-2022-22318, CVE-2022-22317)
Summary IBM Cúram Social Program Management is affected by session timeout issues. For these vulnerabilities some modal dialogs in SPM do not invalidate the session after timeout or logout, which could allow an authenticated user to impersonate another user on the system. Vulnerability Details...
PT-2021-9120 · Rapid7 · Rapid7 Nexpose
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.114 Description: The issue allows an attacker to expose information when a user's session has ended due to inactivity. By using the inspect element browser feature, an attacker can remove the login panel a...
CVE-2021-20324
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...
Gateway session time out not working as expected
Gateway time session out configured in the session profile doesn't work as expected...
Elastic Kibana Timeout Bypass Vulnerability (ESA-2021-07)
Kibana is prone to a timeout bypass vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elastic:kibana"; ifdescription...
CVE-2021-22136
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...
CVE-2021-22136
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...
Design/Logic Flaw
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...
CVE-2021-22136
Summary of CVE-2021-22136 : A timeout-bypass vulnerability in Kibana affects versions before 7.12.0 and 6.8.15 where the xpack.security.session.idleTimeout is not respected due to background polling, allowing sessions to outlive intended timeouts. Reported in the NVD/NVD-derived entry for Kibana,...
CVE-2021-22136
In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background polling activities unintentionally extending authenticated users sessions, preventing a user session...