Session Fixation in microweber/microweber

Valid

Reported on

Oct 17th 2021


Description

If a user (not an admin) is already logged in to the system and an admin then inactivates the user, the user remains active until he/she logs into the system.

We have contacted a member of the microweber team and are waiting to hear back 2 months ago
Peter Ivanov validated this vulnerability 2 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov confirmed that a fix has been merged on 3c1d40 2 months ago
Peter Ivanov has been awarded the fix bounty
Peter Ivanov
2 months ago

Thanks for the report, the issue has been fixed now. Cheers
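
The behaviour described in the report, as an added illustration (this is not microweber's code and not the merged fix): a small in-memory Python model in which deactivating an account either leaves earlier sessions usable or revokes them, next to a per-request check that re-reads the account state. The class and method names are hypothetical.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthStore:
    """Hypothetical in-memory stand-in for a users table and a session store."""
    active: dict = field(default_factory=dict)    # user_id -> is_active flag
    sessions: dict = field(default_factory=dict)  # session_id -> user_id

    def login(self, user_id):
        # A deactivated account cannot start a new session.
        if not self.active.get(user_id, False):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user_id
        return sid

    def deactivate_flag_only(self, user_id):
        # Behaviour described in the report: only the flag changes,
        # sessions issued earlier are left in place.
        self.active[user_id] = False

    def deactivate_and_revoke(self, user_id):
        # Hardened: flip the flag and drop every session of that user.
        self.active[user_id] = False
        for sid in [s for s, u in self.sessions.items() if u == user_id]:
            del self.sessions[sid]

    def authorize_session_only(self, sid):
        # Trusts the session alone, so a deactivated user stays signed in.
        return self.sessions.get(sid)

    def authorize_checked(self, sid):
        # Defence in depth: re-read the account state on every request and
        # destroy the session when the account is no longer active.
        user_id = self.sessions.get(sid)
        if user_id is None:
            return None
        if not self.active.get(user_id, False):
            del self.sessions[sid]
            return None
        return user_id
```

Revoking at deactivation time and checking on each request cover each other: the first closes the session immediately, the second catches any session the revocation step missed.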