8 matches found

Veracode
added 2023/11/01 3:57 a.m., 18 views

Insufficient Session Expiration

thorsten/phpmyfaq is vulnerable to Insufficient Session Expiration. The vulnerability occurs when a user's permission changes, allowing an authenticated attacker to reuse an old session ID to access a user's account, even after the user has logged out, which allows the attacker to perform unauthorise...

CVSS 9.8, AI score 6.7, EPSS 0.00576
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2021/02/05 2:15 p.m., 13 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

CVSS 9.8, EPSS 0.02903
Exploits: 1, References: 3

OSV
added 2021/02/05 2:15 p.m., 16 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

CVSS 9.8, AI score 7
Exploits: 0, References: 3

Cvelist
added 2021/02/05 4:47 a.m., 28 views

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID which had been invalid after a logout once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is known to an...

AI score 9.8, EPSS 0.02903
Exploits: 1, References: 3

RedhatCVE
added 2017/09/29 11:19 a.m., 23 views

CVE-2017-11191

DISPUTED FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...

CVSS 8.8, AI score 5.3, EPSS 0.01687
Exploits: 1, References: 1

OSV
added 2017/09/28 1:29 a.m., 4 views

UBUNTU-CVE-2017-11191

DISPUTED FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in...

CVSS 8.8, AI score 7.3, EPSS 0.01687
Exploits: 1, References: 3

Vulnrichment
added 2017/09/27 7:0 p.m., 14 views

CVE-2017-11191

FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID for the same user account that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and...

AI score 6.7, EPSS 0.01687
Exploits: 1, References: 1

Prion
added 2013/08/20 10:55 p.m., 9 views

Session fixation

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID...

CVSS 5.8, AI score 7.2, EPSS 0.01636
Exploits: 0, References: 1, Affected Software: 1