Concurrent Sessions

Low

Description

The application does not validate the number of active sessions each user has, thus a user can log in more than once at the same time.

Attack Scenario

This vulnerability mainly affects the traceability and non-repudiation of the user's actions.

Mitigation

The system must restrict the number of concurrent sessions that a user can establish depending on the system's function.

ID: 10003

HQ Address

20 Al Mathaf Al Zerai, Agouza, Giza - Egypt
Phone: +2 02 333 638 86
Fax: +2 02 353 656 84
Email: sales@security-meter.com

Asia-Pacific Office Address

Unit 11-3A, 3RD Mile Square No.151
JLN KLANG LAMA, BATU 3 1/2
Kuala Lumpur Malaysia
Email: asia-pacific@security-meter.com

US Office

1-29A 14 Elmwood Park
New Jersey
07407 United States
Email: us@security-meter.com

2024 © Security Meter. All rights reserverd.