CVE-2020-26172

Name of the Vulnerable Software and Affected Versions tangro Business Workflow versions prior to 1.18.1

Description The issue allows an attacker to reuse a JWT token when a session is active because every login generates the same JWT token. This token does not contain an expiration timestamp, enabling its reuse.

Recommendations For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider implementing a custom expiration mechanism for JWT tokens or restricting session durations to minimize the risk of exploitation.