2356 matches found
Default credentials
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...
CVE-2020-15024
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a logout, and after a Lock Vault operation...
vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50937)
vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP of vBulletin 5.6.3. The vulnerability can be exploited to conduct a cross-site scripting attack via the headings of the sub-help items in the "Login/Logout...
CVE-2020-24390
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/adminlogs page, which might allow pre-authentication stored XSS during login/logout logs recording...
GNOME gnome-shell password disclosure vulnerability
gnome-shell is a shell for the GNOME desktop that provides core user interface functions such as switching windows, launching applications or viewing notifications. A security vulnerability exists in GNOME gnome-shell 3.36.4 and earlier versions, which stems from the fact that if a password is se...
USN-4464-1 gnome-shell vulnerability
It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout...
DEBIAN-CVE-2020-17489
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...
UBUNTU-CVE-2020-17489
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...
CVE-2020-17489
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visibl...
Dropcontact: Host Header Injection.
Someone could change the redirection when logging out from firstpromoter: by tweaking the logout request and using the HTTP X-Forwarded-Host header, someone could redirect the logout toward a bad place...
mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes
An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would...
mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash
An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web...
CVE-2020-6292
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration...
Session fixation
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration...
IBM Maximo Asset Management Security Bypass Vulnerability (CNVD-2020-41863)
IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage corporate physical assets through a common platform. A security bypass vulnerability exists in IBM Maximo Asset Management 7.6.0, 7.6.1. The vulnerability stems from the product not disabling a sessio...
CVE-2019-4591
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451...
Courier: Logout page does not prevent CSRF
Summary: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. ... If the victim is an administrative account, CSRF can compromise the entire web application. Steps To Reproduce: 1. Create a...
Unspecified Vulnerability in Mattermost Mobile Apps
Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps prior to version 1.29.0 iOS, which can be exploited by an attacker to gain access to information because the program does not clear the SSO cookie and local...