Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.
Weakness
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Disclosure_management | Sap | 10.1 (including) | 10.1 (including) |