CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

533 vulnerabilities with CWE-613
CVE-2016-0234 MEDIUM
IBM OpenPages GRC Platform <7.3 - Info Disclosure
CVSS 4.0
CVE-2016-6545 CRITICAL
iTrack Easy - Info Disclosure
CVSS 9.8
CVE-2016-8712 HIGH
Moxa AWK-3131A Wireless AP <1.1 - RCE
CVSS 8.1
CVE-2016-5069 CRITICAL
Sierra Wireless GX 440 ALEOS Firmware 4.3.2 - Insufficient Session Expiration via URL Session Tokens
CVSS 9.8
CVE-2015-5171 CRITICAL
Cloudfoundry Cf-release < 216 - Insufficient Session Expiration
CVSS 9.8
CVE-2014-2595 CRITICAL
Barracuda WAF 7.8.1.013 - Auth Bypass
CVSS 9.8
CVE-2014-3616
nginx 0.5.6-1.7.4 - Insufficient Session Expiration via Shared SSL Session Cache
CVE-2009-20001 HIGH
MantisBT < 2.24.5 - Insufficient Session Expiration
CVSS 8.1
Details
Vulnerabilities 533
Links
MITRE CWE Entry Search this CWE With Exploits