2 matches found
Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change
Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens JWTs remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...
Unspecified Vulnerability in Enphase Energy Envoy
The Enphase Energy Envoy is a gateway device for connecting smart home devices from Enphase Energy USA. The Enphase Envoy suffers from a security vulnerability that stems from a custom PAM module for user authentication that bypasses traditional user authentication, which uses passwords derived...