Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2021-25981
Date: January 3, 2022
Overview
In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)Details
Sessions in Talkyard are not terminated from the server-side once the user initiates a logout, which makes it possible for an attacker to reuse the admin cookies via other hypothetical attacks.PoC Details
As the victim admin, login with your credentials. Export save the cookie values for later. Then proceed by logging out of the application.Now, as an attacker, import the admin’s cookie values to the browser. Now refresh the page and you will notice that you are signed as the admin
Affected Environments
v0.2021.20 through v0.2021.34Prevention
Upgrade to version v0.2021.35Language: TYPE_SCRIPT
Good to know:
| Base Score: |
|
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | None |
| User Interaction (UI): | None |
| Scope (S): | Unchanged |
| Confidentiality (C): | High |
| Integrity (I): | High |
| Availability (A): | High |
| Base Score: |
|
|---|---|
| Access Vector (AV): | Network |
| Access Complexity (AC): | Low |
| Authentication (AU): | None |
| Confidentiality (C): | Complete |
| Integrity (I): | Complete |
| Availability (A): | Complete |
| Additional information: |