Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Auto-Generated Screenshots

Manufacturers want to provide device users with an aesthetically pleasing effect when an application is started or exited, so they introduced the concept of saving a screenshot when the application goes into the background. This feature can pose a security risk because screenshots (which may display sensitive information such as an...

/ Insufficient Session Expiration

Insufficient Session Expiration (CWE-613) is a vulnerability in session management, which is commonly found in web applications and APIs. It occurs when a session is not terminated by the server at the expected time, allowing an attacker to reuse a valid session, thereby bypassing the authentication process. This vulnerability is...

/ No Log Out Functionality

No log out functionality is a type of session management vulnerability (CWE-613) which occurs when web and API applications do not provide a mechanism for users to log out of the system. This can potentially lead to an attacker gaining access to the account of a legitimate user if their...

/ No Session Timeout

No session timeout is an IT vulnerability that falls under the category of Session Management (CWE-613). It occurs when a web or API application fails to have a session timeout, which causes the user's session to remain active indefinitely. This enables attackers to hijack an active session despite the user's...

/ Session Fixation

Session fixation is enabled by the insecure practice of preserving the same value of the session cookies before and after authentication. In the generic exploit of session fixation vulnerabilities, an attacker can obtain a set of session cookies from the target website without first authenticating. The attacker can then force these...

/ Session Token Does Not Expire

Session token does not expire is a vulnerability that occurs when an authentication session token does not expire after a certain period of inactivity. This vulnerability is classified under CWE-613: Insufficient Session Expiration and falls under the category of Session Management (CWE-384). According to the OWASP Testing Guide, this vulnerability...

/ Session Token in URL

Session token in URL is a web and API vulnerability that occurs when an application passes a user's session token in the URL instead of using a secure cookie. This allows malicious users to gain access to the user's session token, which can be used to gain unauthorized access. The...