2 matches found
CVE-2020-35358
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access t...
CVE-2020-35358
CVE-2020-35358 affects DomainMOD domainmod-v4.15.0 and is caused by an insufficient session expiration mechanism: after a password change, sessions authenticated with the new password and those using the old password remain active in other browsers/devices. Documents describe multiple reports (RH...