CWE-613 - Insufficient Session Expiration

  • 摘要:Base
  • 结构:Simple
  • 状态:Incomplete
  • 发布日期:2007-05-07
  • 更新日期:2026-04-30

名称

Insufficient Session Expiration

描述

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

常见后果

范围:Access Control

影响:Bypass Protection Mechanism

相关 CWE

CWE-287Improper AuthenticationHigh

CWE-672Operation on a Resource after Expiration or Release