PT-2021-11757 · Domainmod · Domainmod

Published: 2021-03-15 · Updated: 2021-03-18 · CVE-2020-35358

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: DomainMOD version 4.15.0
Description: The issue is insufficient session expiration. When a password is changed, neither the session in which the new password was set nor existing sessions on other browsers or devices expire; all of them remain active. This flaw can give an attacker who holds an old session unauthorized access to system data or functionality.
Recommendations: For DomainMOD version 4.15.0, as a temporary workaround, consider implementing a manual session expiration mechanism that invalidates sessions after a password change until a patch is available. Restrict access to sensitive data and functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
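The mechanism the recommendation asks for, as an added example that is not DomainMOD's code: each user carries a "password generation" counter, every session records the generation it was issued under, and a session is only honoured while the two still match, so a password change invalidates every session issued before it. The `User`, `SessionStore` and generation-counter names are hypothetical illustrations of the pattern.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:  # hypothetical user record
    username: str
    salt: bytes
    pw_hash: bytes
    pw_generation: int = 0  # incremented on every password change


@dataclass
class SessionStore:  # hypothetical in-memory session backend
    users: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)  # sid -> (username, generation)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = User(username, salt, _hash_password(password, salt))

    def login(self, username: str, password: str):
        u = self.users.get(username)
        if u is None or not hmac.compare_digest(_hash_password(password, u.salt), u.pw_hash):
            return None
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (username, u.pw_generation)  # bind session to current generation
        return sid

    def change_password(self, username: str, new_password: str, keep_sid=None) -> None:
        u = self.users[username]
        u.salt = secrets.token_bytes(16)
        u.pw_hash = _hash_password(new_password, u.salt)
        u.pw_generation += 1  # every session issued before this line is now stale
        if keep_sid in self.sessions:  # optionally keep only the session that made the change
            self.sessions[keep_sid] = (username, u.pw_generation)

    def is_valid(self, sid: str) -> bool:
        # The per-request check: reject sessions from an older password generation.
        entry = self.sessions.get(sid)
        if entry is None:
            return False
        username, generation = entry
        return generation == self.users[username].pw_generation
```

Without the generation comparison in `is_valid`, the store reproduces the advisory's behaviour: a session stolen before the password change keeps working after it.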

Exploit

Insufficient Session Expiration


Weakness Enumeration

Related Identifiers

CVE-2020-35358

Affected Products

Domainmod