CVE-2020-35358

Published: Mar 15, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.

Affected (1)

Products: Domainmod: Domainmod

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Domainmod Domainmod	Version 4.15.0

Related CWEs

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (2)

https://gist.github.com/anku-agar/0fec2ffd98308e550ce9b5d4b395d0d7

Source: cve@mitre.org

ExploitThird Party Advisory

https://gist.github.com/anku-agar/0fec2ffd98308e550ce9b5d4b395d0d7

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.