Concurrent Sessions



The application does not validate the number of active sessions each user has, thus a user can log in more than once at the same time.

Attack Scenario

This vulnerability mainly affects the traceability and non-repudiation of the user's actions.


The system must restrict the number of concurrent sessions that a user can establish depending on the system's function.

ID: 10003