Gvirtu

**Name of the Vulnerable Software and Affected Versions** Pow versions 1.0.14 through 1.0.33 **Description** Pow is a authentication and user management solution for Phoenix and Plug-based apps. The use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. **Recommendations** For versions 1.0.14 through 1.0.33, update to version 1.0.34 to resolve the issue. As a temporary workaround, expired keys, including all expired sessions, can be manually invalidated by running the provided Elixir code to delete expired keys from the `Pow.Store.Backend.MnesiaCache`.