Vulnerability CVE-2022-2306


Published: 2022-07-05

Description:
Old session tokens can be used to authenticate to the application and send authenticated requests.

Type:

CWE-613

(Insufficient Session Expiration)

 References:
https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166
https://huntr.dev/bounties/35acf263-6db4-4310-ab27-4c3c3a53f796

Copyright 2022, cxsecurity.com

 

Back to Top