Insufficient Session Expiration
CVE-2022-2888
Summary
In OctoPrint versions prior to 1.8.3, if an attacker comes into possession of a victim's session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
- LOW
- LOCAL
- LOW
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."