Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change
Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The JWT validation middleware, CheckJWT, only verifies the token signature, expiry, issuer, and signing algorithm — it does not check...
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration in the authentication and session management process. An attacker can gain unauthorized access to user accounts and maintain persistent access even after a password change by exploiting weak password...
GHSA-RPW8-82V9-3Q87 Fides' Admin UI User Password Change Does Not Invalidate Current Session
Summary Admin UI user password changes in Fides do not invalidate active user sessions, creating a vulnerability chaining opportunity where attackers who have obtained session tokens through other attack vectors such as XSS can maintain access even after password reset. This issue is not directly...
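The daptin and Fides entries above describe the same defect: a token that passes every structural check (algorithm, signature, expiry, issuer) is never compared against the user's current credential state, so a token stolen before a password change keeps working after it. The Go program below is an added example, not code from daptin, Fides or either advisory. It implements a minimal HS256 JWT so it runs offline, mirrors the listed checks in VerifyBasic, and then adds the missing check in VerifyBound: reject any token whose iat precedes the user's most recent password change. The key, user, issuer and CredentialStore map are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the minimal payload this example uses.
type Claims struct {
	Sub string `json:"sub"`
	Iss string `json:"iss"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// SignHS256 builds a compact JWT with an HS256 signature (demo helper; a
// real service would use a vetted JWT library).
func SignHS256(c Claims, key []byte) (string, error) {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := header + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil)), nil
}

// VerifyBasic performs the checks the daptin advisory says CheckJWT performs:
// signing algorithm, signature, expiry and issuer. Nothing here ties the
// token to the user's current credentials, so it is the vulnerable baseline.
func VerifyBasic(token string, key []byte, issuer string, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return c, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "HS256" {
		return c, errors.New("unexpected signing algorithm")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return c, errors.New("bad signature")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return c, err
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	if c.Iss != issuer {
		return c, errors.New("wrong issuer")
	}
	return c, nil
}

// CredentialStore records, per user, when the password was last changed.
// In a real deployment this is a column on the user record; here it is a map.
type CredentialStore map[string]time.Time

// VerifyBound adds the missing check: a token minted before the user's most
// recent password change is rejected even though it is otherwise valid.
func VerifyBound(token string, key []byte, issuer string, now time.Time, store CredentialStore) (Claims, error) {
	c, err := VerifyBasic(token, key, issuer, now)
	if err != nil {
		return c, err
	}
	if changed, ok := store[c.Sub]; ok && c.Iat < changed.Unix() {
		return c, errors.New("token predates password change")
	}
	return c, nil
}

func main() {
	key := []byte("constructed-demo-key")
	issued := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC)
	tok, _ := SignHS256(Claims{Sub: "alice", Iss: "demo", Iat: issued.Unix(), Exp: issued.Add(24 * time.Hour).Unix()}, key)
	store := CredentialStore{"alice": issued.Add(time.Hour)} // password changed an hour after issue
	later := issued.Add(2 * time.Hour)
	_, err := VerifyBasic(tok, key, "demo", later)
	fmt.Println("basic check:", err) // nil: the stolen token still works
	_, err = VerifyBound(tok, key, "demo", later, store)
	fmt.Println("bound check:", err) // rejected: token predates password change
}
```

Two practical caveats. First, iat has one-second resolution, so a token issued in the same second as the change passes the `<` comparison; record the change timestamp before minting the post-change token, or use a per-user token version counter in the claims instead of a timestamp, which has no clock edge at all. Second, the check requires a store lookup on every request, which is the cost of making a bearer token revocable; the Fides case, where the session token is an opaque server-side session rather than a JWT, is simpler, since the password-change handler can delete the user's other sessions from the store directly.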
PT-2024-19360 · IBM · IBM UrbanCode Deploy +1
Name of the Vulnerable Software and Affected Versions: IBM UrbanCode Deploy versions 7.0 through 7.0.5.20; IBM UrbanCode Deploy versions 7.1 through 7.1.2.16; IBM UrbanCode Deploy versions 7.2 through 7.2.3.9; IBM UrbanCode Deploy versions 7.3 through 7.3.2.4; IBM DevOps Deploy versions 8.0 through...