CSAL#60

Security Notification # CSAL60
Advisory Title: No Limit on Concurrent Sessions

Document ID: TAS/PRD/GEN/SN-CSAL#60
Document Name: Security Notification # CSAL60
Doc. Rev.: 0

Publication Date: 15-Jan-24
Incident Source: CSAL60
CVE / Vulnerability Reference: OWASP(A6)
Last Update: 06-Feb-24
Reported By: Valency Networks Testing Agency
Advisory ID#: Posting Not Started Yet
Current Version: WP500 FW 0.6.6
CVSS Score: 6

Vulnerability Description
No limit was implemented on the number of concurrent sessions per interface for any given user (human, software process or device).

Impact
Not implementing a limit for the number of concurrent sessions per user (whether human, software, or device) can lead to security vulnerabilities, such as increased risk of account takeover and resource exhaustion attacks. To mitigate, enforce session limits and session management controls.

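One way to enforce the per-user, per-interface session limit described above, as an added example that is not taken from the WP500 firmware or from this advisory. The class names, the limit of 2 sessions and the 900-second idle timeout are assumptions chosen for illustration.

```python
import secrets
import time
from collections import defaultdict

class SessionLimitExceeded(Exception):
    """Raised when a user already holds the maximum sessions on an interface."""

class SessionRegistry:
    """Added example (not WP500 code): per-(user, interface) session cap."""

    def __init__(self, max_per_user=2, idle_timeout=900, evict_oldest=False,
                 clock=time.monotonic):
        self.max_per_user = max_per_user    # assumed policy value
        self.idle_timeout = idle_timeout    # seconds; assumed policy value
        self.evict_oldest = evict_oldest    # False: refuse the new login
        self.clock = clock
        self._sessions = defaultdict(dict)  # (user, iface) -> {token: last_seen}

    def _expire(self, key):
        # Drop idle sessions first so stale logins do not lock the user out.
        now = self.clock()
        live = self._sessions[key]
        for token in [t for t, s in live.items() if now - s > self.idle_timeout]:
            del live[token]
        return live

    def open(self, user, interface):
        live = self._expire((user, interface))
        if len(live) >= self.max_per_user:
            if not self.evict_oldest:
                raise SessionLimitExceeded(f"{user}@{interface}")
            # Terminate the least recently used session to make room.
            del live[min(live, key=live.get)]
        token = secrets.token_urlsafe(32)
        live[token] = self.clock()
        return token

    def touch(self, user, interface, token):
        live = self._expire((user, interface))
        if token not in live:
            return False
        live[token] = self.clock()
        return True

    def close(self, user, interface, token):
        self._sessions[(user, interface)].pop(token, None)

    def count(self, user, interface):
        return len(self._expire((user, interface)))
```

Refusing the new login keeps an existing operator session intact, while evicting the oldest session favours the most recent authentication; which policy fits depends on the interface.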
Affected products
WP500 Firmware 0.65 Version

Temporary Fix / Mitigation
Please update to firmware version 0.6.6.

Acknowledgment
Valency Networks, Pune

History
NA

Classification of Vulnerability