Description

It is possible to close active sessions of other users by knowing their e-mail.

Impact

Close user sessions in the application.

Recommendation

Validate that the users email is not altered or replaced by another users email in the logout process.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 45 minutes.

Requirements

Fixes