CWE-613


Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."


We have discovered 5,974 live websites that are affected by CWE-613.

CVEs

  • Count - 8



CWE-613 usage by Country

  • United States: 4,377 websites
  • Germany: 237 websites
  • GB: 170 websites
  • Singapore: 121 websites
  • France: 116 websites
  • Netherlands: 84 websites
  • Canada: 80 websites
  • Australia: 77 websites
  • Turkey: 70 websites
  • Qatar: 64 websites

CWE-613 usage by TLD

  • .com: 2,858 websites
  • .org: 953 websites
  • .net: 145 websites
  • .ca: 124 websites
  • .co.uk: 123 websites
  • .com.au: 123 websites
  • .de: 116 websites
  • .edu: 86 websites
  • .io: 57 websites
  • .it: 55 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-613

Discovered | CVE | Description | Websites
Jan, 2025 | CVE-2024-11627 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.Thi... | 4,527
Feb, 2024 | CVE-2024-25619 | Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon | 104
Jan, 2024 | CVE-2024-22403 | OAuth2 authorization codes are valid indefinitely in Nextcloud server | 195
Jan, 2023 | CVE-2022-46177 | Discourse password reset link can lead to account takeover if user changes to a new email | 1,134
Nov, 2022 | CVE-2022-39234 | user session persists even after permanently deleting account in GLPI | 7
Jun, 2022 | CVE-2022-31050 | Insufficient Session Expiration in TYPO3 Admin Tool | 2
Jan, 2021 | CVE-2020-15220 | Session fixation | 5
Jan, 2021 | CVE-2020-15218 | Admin pages are cached and can be embedded | 5

List of the most common CVEs that are part of CWE-613

Discovered | CVE | Description | Websites
Jan, 2025 | CVE-2024-11627 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.Thi... | 4,527
Jan, 2023 | CVE-2022-46177 | Discourse password reset link can lead to account takeover if user changes to a new email | 1,134
Jan, 2024 | CVE-2024-22403 | OAuth2 authorization codes are valid indefinitely in Nextcloud server | 195
Feb, 2024 | CVE-2024-25619 | Destroying OAuth Applications doesn't notify Streaming of Access Tokens being destroyed in mastodon | 104
Nov, 2022 | CVE-2022-39234 | user session persists even after permanently deleting account in GLPI | 7
Jan, 2021 | CVE-2020-15218 | Admin pages are cached and can be embedded | 5
Jan, 2021 | CVE-2020-15220 | Session fixation | 5
Jun, 2022 | CVE-2022-31050 | Insufficient Session Expiration in TYPO3 Admin Tool | 2
