CRITICAL🇬🇧 English

CVE-2020-35358

CVSS 9.8v3.1pub. 2021-03-15upd. 2024-11-21

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Domainmod

    APP
    Domainmod
    4.15.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-12735CRITICAL9.8ten sam produkt

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeov...

CVE-2019-9080HIGH7.5ten sam produkt

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

CVE-2019-1010096HIGH8.8ten sam produkt

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...

CVE-2019-1010094HIGH8.8ten sam produkt

domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...

CVE-2019-1010095HIGH8.8ten sam produkt

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...