CWE-613 – Insufficient Session Expiration

Read Time:18 Second

Description

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-672
CWE-672
CWE-287

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation

Description: 

Set sessions/credentials expiration date.

CVE References