CWE-613 - Insufficient Session Expiration
CWE-613
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Insufficient Session Expiration
- Description
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
- Common Consequences
Scope: Access Control
Impact: Bypass Protection Mechanism
- Related Weaknesses
- Release Date:
- 2007-05-07
- Latest Modification Date:
- 2023-06-29