2356 matches found
CVE-2020-5934
CVE-2020-5934 affects F5 BIG-IP APM SAML SLO: vulnerable on BIG-IP APM versions 15.1.0–15.1.0.5, 14.1.0–14.1.2.3, and 13.1.0–13.1.3.3. When multiple HTTP requests to the configured SAML SLO URL travel over a TCP Keep-Alive connection, traffic to the Traffic Management Microkernel (TMM) can be dis...
Gophish cookie non-expiration vulnerability
Gophish is a powerful open source phishing framework. A cookie non-expiration vulnerability exists in Gophish 0.10.1 and earlier versions. The vulnerability stems from Gophish not invalidating the gophish cookie after logging out. No details of the vulnerability are provided at this time...
CVE-2020-24713
Gophish through 0.10.1 does not invalidate the gophish cookie upon logout...
Low: mod_auth_openidc
Issue Overview: An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web sit...
Juniper Networks Junos OS Evolved Code Issue Vulnerability
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved has a security vulnerability that can be exploited by an attacker to bypass restrictions and escalate his privileges by ignoring logout-disconnect...
IBM Security Access Manager Security Bypass Vulnerability (CNVD-2020-59030)
IBM Security Access Manager is a product for information security management applications from IBM, USA. The product enables access management control through integrated devices for web, mobile and cloud computing. A security bypass vulnerability exists in IBM Security Access Manager version 9.0....
Scientific Linux Security Update : mod_auth_openidc on SL7.x x86_64 (20201001)
Security Fixes : - mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes CVE-2019-14857 - mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash CVE-2019-20479 (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux...
Traffic Management Logout Functionality on NetScaler
This article covers the Traffic Management (TM) logout functionality on NetScaler, which was added in the 10.0 and 9.3.e releases. The TM logout functionality triggers AAA session logout on traffic action hit. NetScaler can be configured with the "Initiate Logout" option in the TM traffic profile. The followi...
CVE-2020-4395
IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358...
CVE-2020-4395
IBM Security Access Manager Appliance 9.0.7 is vulnerable because it does not invalidate sessions after logout, potentially allowing an authenticated user to impersonate another user. Connected sources confirm a fix in 9.0.7.2 (fix pack: 9.0.7-ISS-ISAM-FP0002) and related updates for ISAM in Dock...
Vulnerability fixed in IBM Security Access Manager
IBM has fixed a vulnerability in IBM Security Access Manager in which sessions are not deleted after a user is logged out. A malicious party could potentially reuse the session of a logged-out user and thus gain elevated rights to the vulnerable system. IBM has releas...
Weblate: Send Empty CSRF leads to log out user on [https://hosted.weblate.org/accounts/profile]
Hi, there is a CSRF bug on your website that leads to logging the user out of the dashboard. If the user clicks on the attached file CSRF.html, they are redirected to another page and see the following error, and the user is logged out immediately: F1029146 Steps to reproduce: 1- Log in to your account via the Login page 2- Click on...
Session fixation
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout...
CVE-2019-19199
REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout...
Open Redirect
mod_auth_openidc is vulnerable to open redirect. Open redirect in logout url when using URLs with leading slashes...
mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would...
mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web...
CVE-2020-15024
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...