4 matches found
CVE-2024-56733
CVE-2024-56733 affects Password Pusher (versions ≤ 1.50.3). A vulnerability allows an attacker to copy the session cookie before logout, potentially enabling session hijacking until the token expires or is cleared. Root cause centers on accessing an active session cookie (e.g., MITM, XSS, or loca...
PT-2024-72: Weakness of password policy in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...
PT-2024-74: Incorrect session termination in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.48.0. The application incorrectly terminates the session and allows attacker to reuse session credentials to obtain user information. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 04.11.2024...
PT-2024-73: Unlimited session lifetime in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.48.0. The application does not limit the storage time of the session identifier or credentials, or this time is excessively long. An attacker can reuse old credentials or session identifiers to log in as another user and gain...