Vulnerabilities > CVE-2021-35342 - Insufficient Session Expiration vulnerability in Northern.Tech Useradm 1.13.0/1.14.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |