DerScanner
Home / Vulnerability Database / Kotlin : Excessive session timeout
Kotlin

Kotlin : Excessive session timeout

Classification

OWASP Top 10 2013
A2-Broken Authentication and Session Management
OWASP Top 10 2017
A2-Broken Authentication
OWASP Top 10 2021
A7-Identification and Authentication Failures
OWASP ASVS
Session ManagementSession ManagementSession ManagementSession Management
PCI DSS 4.0
6.2.48.2.8
HIPAA
§164.312 (a)(2)(iii)
CWE
CWE-613CWE-1028

Overview

Then longer the session, then more opportunities for attacks an adversary has. While the session is active, he/she can bruteforce the password, crack the wireless access point encryption or hijack the session using then open browser.

In addition, long sessions prevent the release of memory, which will ultimately lead to a denial of service if too many sessions are opened at the same time.

References

  1. OWASP: Top 10 2013-A2-Broken Authentication and Session Management
  2. CWE-613: Insufficient Session Expiration
  3. OWASP: Top 10 2017 A2-Broken Authentication
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
MEDIUM

DerScanner Severity Score

Do you want to fix Kotlin : Excessive session timeout in your application?

See also

Kotlin

Kotlin : Missing required cryptographic step

Kotlin

Kotlin : Logging into system output

Kotlin

Kotlin : Call of notify() in synchronized block