Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Product: Microweber
Product Version: 1.1.18
Vulnerability: No session expiry after log-out
Description:
The Microweber 1.1.18 session is not expiring after the session is logout and remains active.
Weakness:
Insufficient Session Expiration
Attack Type: Local
Impact:
Due to this bug, there is no way for the victim to revoke access of the attacker if the account has been already compromised.
Reference:
http://www.owasp.org/index.php/Session_Management
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.