Vulnerabilities > Insufficient Session Expiration

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-11-03 | CVE-2017-1000135 | Insufficient Session Expiration vulnerability in Mahara | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable as logged-in users can stay logged in after the institution they belong to is suspended. | network | low | mahara | CWE-613 | 6.5 |
| 2017-11-03 | CVE-2017-1000131 | Insufficient Session Expiration vulnerability in Mahara | Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API functions. | network | low | mahara | CWE-613 | 6.5 |
| 2017-10-26 | CVE-2017-12159 | Insufficient Session Expiration vulnerability in multiple products | It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. | network | low | redhat keycloak | CWE-613 | 7.5 |
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products | The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allows attackers to have unspecified impact by leveraging failure to expire existing sessions. | network | low | pivotal-software cloudfoundry | CWE-613 | critical 9.8 |
| 2017-10-20 | CVE-2017-6145 | Insufficient Session Expiration vulnerability in F5 products | iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. | network | low | f5 | CWE-613 | 7.3 |
| 2017-10-17 | CVE-2017-14007 | Insufficient Session Expiration vulnerability in ProMinent MultiFLEX M10a Controller Firmware | An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. | network | high | prominent | CWE-613 | 5.6 |
| 2017-08-29 | CVE-2017-12867 | Insufficient Session Expiration vulnerability in SimpleSAMLphp | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | network | high | simplesamlphp | CWE-613 | 5.9 |
| 2017-07-26 | CVE-2017-11667 | Insufficient Session Expiration vulnerability in OpenProject | OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. | network | high | openproject | CWE-613 | 8.1 |
| 2017-06-20 | CVE-2017-3215 | Insufficient Session Expiration vulnerability in Milwaukee ONE-KEY | The Milwaukee ONE-KEY Android mobile application uses bearer tokens with an expiration of one year. | network | low | milwaukee | CWE-613 | 5.3 |
| 2017-04-13 | CVE-2016-8712 | Insufficient Session Expiration vulnerability in Moxa AWK-3131A Firmware 1.1 | An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. | network | high | moxa | CWE-613 | 8.1 |