Improper access control in Persistent Login - #VU97984
Published: October 3, 2024
Persistent Login
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected module does not sufficiently check a user's disabled status when validating cookies. A remote user can bypass implemented security restrictions and gain unauthorized access to sensitive information.