cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity.
Weakness
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Potential Mitigations
References
- https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158
- https://github.com/cskefu/cskefu/issues/781
- https://github.com/cskefu/cskefu/pull/803
- https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158
- https://github.com/cskefu/cskefu/issues/781
- https://github.com/cskefu/cskefu/pull/803