Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Manufacturers want to provide device users with an aesthetically pleasing effect when an application is started or exited, so they introduced the concept of saving a screenshot when the application goes into the background.
## Risk
This feature can pose a security risk because screenshots (which may display sensitive information such as...
Insufficient Session Expiration (CWE-613) is a vulnerability in session management, which is commonly found in web applications and APIs. It occurs when a session is not terminated by the server at the expected time, allowing an attacker to reuse a valid session, thereby bypassing the authentication process. This vulnerability is...
No log out functionality is a type of session management vulnerability (CWE-613) which occurs when web and API applications do not provide a mechanism for users to log out of the system. This can potentially lead to an attacker gaining access to the account of a legitimate user if their...
No session timeout is an IT vulnerability that falls under the category of Session Management (CWE-613). It occurs when a web or API application fails to have a session timeout, which causes the user's session to remain active indefinitely. This enables attackers to hijack an active session despite the user's...
Session Fixation (CWE-384) is a web security vulnerability that occurs when an attacker forces a user's web browser to authenticate to a web site using a fixed session ID. This type of attack is particularly dangerous as it allows an attacker to hijack a user's authenticated session and gain access...
Session token does not expire is a vulnerability that occurs when an authentication session token does not expire after a certain period of inactivity. This vulnerbility is classified under CWE-613: Insufficient Session Expiration and falls under the category of Session Management (CWE-384). According to the OWASP Testing Guide, this vulnerability...
Session token in URL (CWE-613) is a web and API vulnerability that occurs when an application passes a user's session token in the URL instead of using a secure cookie. This allows malicious users to gain access to the user's session token, which can be used to gain unauthorized access....
Showing entries 1 to 7 of 7 entries.