Siemens · SINEMA Remote Connect Client · CVE-2024-32006
**Name of the Vulnerable Software and Affected Versions**
SINEMA Remote Connect Client versions prior to V3.2 SP2
**Description**
A vulnerability has been identified in the SINEMA Remote Connect Client: the affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication. The issue is related to incorrect session expiration in the client's Time-based One-Time Password (TOTP) algorithm.
**Recommendations**
For versions prior to V3.2 SP2, update to version V3.2 SP2 or later to resolve the issue. As a temporary workaround, consider manually expiring user sessions after reboot or implementing additional authentication measures to minimize the risk of exploitation.
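The flaw class from the Description and the "expire sessions after reboot" workaround, shown as an added generic example. It is not Siemens code: the session record layout, the boot identifier and the lifetime value are assumptions made for illustration.

```python
import json
import time

MAX_AGE_SECONDS = 8 * 3600  # assumed session lifetime, not a product value


def issue_session(user, boot_id, now=None):
    """Record created after password + TOTP succeeded; boot_id ties it to this boot cycle."""
    issued = now if now is not None else time.time()
    return {"user": user, "mfa_verified": True, "boot_id": boot_id, "issued_at": issued}


def persist(session):
    """Stand-in (assumption) for whatever a client stores between runs."""
    return json.dumps(session)


def restore_weak(blob, current_boot_id, now):
    """Flawed pattern: any stored record with the MFA flag set is resumed."""
    session = json.loads(blob)
    return session if session.get("mfa_verified") else None


def restore_hardened(blob, current_boot_id, now):
    """Resume only within the boot cycle and lifetime in which MFA was performed."""
    session = json.loads(blob)
    if not session.get("mfa_verified"):
        return None
    if session.get("boot_id") != current_boot_id:
        return None  # machine rebooted since login: require a full login again
    age = now - session.get("issued_at", 0)
    if not 0 <= age <= MAX_AGE_SECONDS:
        return None  # expired, or the clock moved backwards
    return session


# Constructed sample: login during boot "boot-A", then a reboot without logout.
BLOB = persist(issue_session("operator1", "boot-A", now=1_000_000.0))
AFTER_REBOOT = ("boot-B", 1_000_600.0)  # ten minutes later, new boot cycle
SAME_BOOT = ("boot-A", 1_000_600.0)     # ten minutes later, same boot cycle

if __name__ == "__main__":
    print("weak, after reboot:    ", restore_weak(BLOB, *AFTER_REBOOT) is not None)
    print("hardened, after reboot:", restore_hardened(BLOB, *AFTER_REBOOT) is not None)
    print("hardened, same boot:   ", restore_hardened(BLOB, *SAME_BOOT) is not None)
```

On Linux a per-boot value is available from `/proc/sys/kernel/random/boot_id`; on other platforms the system boot time can serve the same purpose.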