Skip to main content

Insufficient Session Expiration

CVE-2022-34392

Severity Medium
Score 5.5/10

Summary

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads to reuse the access token and fetch sensitive information.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-613 - Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

Advisory Timeline

  • Published