Description
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Modes of Introduction:
– Architecture and Design
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
Phase: Implementation
Description:
Set an expiration date for sessions and credentials.