An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36.
Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
Old session tokens can be used to authenticate to the application and send authenticated requests.
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several tim...
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's pa...