DerScanner
Home / Vulnerability Database / Config files : Persistent authentication
Config files

Config files : Persistent authentication

Classification

OWASP Top 10 2013
A2-Broken Authentication and Session Management
OWASP Top 10 2017
A2-Broken Authentication
OWASP Top 10 2021
A7-Identification and Authentication Failures
OWASP ASVS
Session ManagementAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthentication
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(2)(iii)
CWE
CWE-1028

Overview

The application uses a permanent Bearer authentication token. At the end of the life of the token, the application may not work correctly. If the token has a long lifetime, after getting it, any subject will be able to authorize into the service.

References

  1. FormsAuthentication.RedirectFromLoginPage Method - msdn.microsoft.com
  2. OWASP Top 10 2017 A2-Broken Authentication
  3. CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Persistent authentication in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection