Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
References
Configurations
No configuration.
History
08 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 03:15
Updated : 2024-02-08 03:29
NVD link : CVE-2023-47798
Mitre link : CVE-2023-47798
CVE.ORG link : CVE-2023-47798
JSON object : View
Products Affected
No product.
CWE
CWE-384
Session Fixation