CWE DATABASE
About
GET A DEMO
Backslash Vulnerability Database
Insufficient Session Expiration
Insufficient Session Expiration
CWE-613
Overtime trend (NVD)
CVSS severity (NVD, All Time)
Per technology (GHSA, All time)
49%
-
Composer
16%
-
Maven
13%
-
Go
20%
-
Others
Short description
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Best practices to prevent this CWE
Phase: Implementation
Set sessions/credentials expiration date.