Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pan-os | Paloaltonetworks | 10.2.0 (including) | 10.2.5 (excluding) |
Pan-os | Paloaltonetworks | 11.0.0 (including) | 11.0.2 (excluding) |