In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Insufficient Session Expiration vulnerabilities in an interactive lesson.
Start learningUpgrade hydrooj to version 5.0.2 or higher.
Affected versions of this package are vulnerable to Insufficient Session Expiration in the session recreation process. An attacker can gain unauthorized access to a user's account by replaying a previously valid session cookie after logout or session renewal. This is only exploitable if the attacker has obtained a stale session cookie associated with the victim.
This vulnerability can be mitigated by forcing all existing sessions to expire or by clearing the server-side session token store after applying a local patch. Administrators should also review logs for suspicious use of stale session cookies and rotate any exposed session cookies.