3 matches found
CVE-2023-53970
CVE-2023-53970 concerns Screen SFT DAB 600/C firmware 1.9.3, which exposes a weak session management vulnerability. Attackers can bypass authentication by reusing IP-bound session identifiers and abuse the deviceManagement API endpoint to send crafted POST requests that reset device configuration...
Improper Session Management
Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...
GHSA-RG35-5V25-MQVP Keycloak vulnerable to session takeovers due to reuse of session identifiers
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...