Skip to content

Instantly share code, notes, and snippets.

@virendratiwari03

virendratiwari03/Microweber: No session expiry after log-out Secret

Last active November 4, 2020 06:50
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save virendratiwari03/0b0d161e1141fdd74122abbb02fefe17 to your computer and use it in GitHub Desktop.
Save virendratiwari03/0b0d161e1141fdd74122abbb02fefe17 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Microweber: No session expiry after log-out
Product: Microweber
Product Version: 1.1.18
Vulnerability: No session expiry after log-out
Description:
The Microweber 1.1.18 session is not expiring after the session is logout and remains active.
Weakness:
Insufficient Session Expiration
Attack Type: Local
Impact:
Due to this bug, there is no way for the victim to revoke access of the attacker if the account has been already compromised.
Reference:
http://www.owasp.org/index.php/Session_Management
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment