Description

It is possible to modify the expiration time of an expired session token, making it possible to make the token functional again and continue to query the application.

Impact

Perform queries to the application with an expired Token(JWT).

Recommendation

Once session tokens have expired, they should not be reused in future requests.

Threat

Attacker from the Internet with a session token.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes