7 matches found
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
GHSA-7GGW-H8PP-R95R October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
October CMS Session ID not invalidated after logout
Impact When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in the old session ID would be valid again; which means that anyone that gained access to the old session cookie would be able to act as the logged in...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-3311
An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...
CVE-2021-3311
Affected software: October CMS (core / Auth/Manager.php authentication flow). Vulnerability: session management flaw where an old session ID, invalid after logout, can be reactivated on a new login, effectively allowing reuse of a previously valid session ID. Root cause: improper invalidation of ...