Description

When the error stating that a session has already been started appears, it is possible to bypass concurrent session control by going to any valid URL in the application.

Impact

Concurrent access to the application with the same user, causing loss of traceability.

Recommendation

Immediately invalidate the previous session when logging in from a new location.
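
One way to implement this recommendation, as an added example that is not part of the original entry: an in-memory session registry that revokes the previous token at login and validates the token on every request, so requesting another valid URL cannot skip the concurrency check. The `SessionRegistry` class, its method names and the sample user are hypothetical.

```python
import secrets


class SessionRegistry:
    """Hypothetical registry: one active session per user, checked per request."""

    def __init__(self):
        self._active = {}  # username -> token of the only valid session
        self._owner = {}   # token -> username

    def login(self, username):
        # The new login wins: revoke the previous session instead of showing
        # an "already logged in" error that leaves the old token usable.
        old = self._active.pop(username, None)
        if old is not None:
            self._owner.pop(old, None)
        token = secrets.token_urlsafe(32)
        self._active[username] = token
        self._owner[token] = username
        return token

    def authorize(self, token):
        # Must run for every URL, not only in the login flow, so a revoked
        # token cannot reach a page by requesting it directly.
        user = self._owner.get(token)
        if user is None or self._active.get(user) != token:
            return None
        return user

    def logout(self, token):
        user = self._owner.pop(token, None)
        if user is not None and self._active.get(user) == token:
            del self._active[user]


def demo():
    reg = SessionRegistry()
    first = reg.login("alice")   # constructed sample user
    second = reg.login("alice")  # same account, new location
    return {
        "first": reg.authorize(first),    # revoked by the second login
        "second": reg.authorize(second),  # the only valid session
    }


if __name__ == "__main__":
    print(demo())
```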

Threat

Malicious actor from the intranet.

Expected Remediation Time

⏱️ 30 minutes.