MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”