SOUND4 Impact, First, Pulse, Eco Session Hijacking Vulnerability
Vulnerability
A vulnerability exists in SOUND4 Impact, First, Pulse, and Eco applications, all versions through 2.x, due to insufficient session expiration. This flaw allows attackers to reuse old session credentials, potentially hijacking active user sessions and gaining unauthorized access to the application. The issue arises from weak session management, which fails to invalidate session identifiers in a timely manner, leaving users exposed to session theft or reuse attacks.
Impact
Exploitation of this vulnerability could lead to unauthorized access through session hijacking, allowing attackers to impersonate users and interact with the application on their behalf.
Reproduction
The vulnerability can be reproduced by logging into the application and capturing the session cookie. After 96 hours, the session cookie remains valid, allowing for reuse and potential session hijacking.
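The behaviour described above (a cookie still accepted after 96 hours) is what server-side expiry is meant to prevent. The following is an added example, not SOUND4's code and not part of the original advisory: a minimal session store that enforces both an idle timeout and an absolute lifetime. The class and function names, the timeout values, and the "operator" user are assumptions chosen for illustration.

```python
import secrets
import time

# Assumed policy values for illustration; the advisory does not specify any.
IDLE_TIMEOUT = 30 * 60          # seconds of inactivity before a session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on session lifetime, active or not

class SessionStore:
    """Server-side session table that enforces idle and absolute expiry."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested offline
        self._sessions = {}      # session id -> {"user", "created", "last_seen"}

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # unpredictable identifier
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the user for a live session, or None if unknown or expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        expired = (now - rec["last_seen"] > IDLE_TIMEOUT
                   or now - rec["created"] > ABSOLUTE_TIMEOUT)
        if expired:
            del self._sessions[sid]  # invalidate server-side, not just in the cookie
            return None
        rec["last_seen"] = now       # sliding idle window, capped by ABSOLUTE_TIMEOUT
        return rec["user"]

    def logout(self, sid):
        self._sessions.pop(sid, None)  # explicit invalidation on sign-out

def replay_after(hours, keepalive_every=None):
    """Constructed scenario: create a session, then present the cookie later."""
    t = [0.0]
    store = SessionStore(clock=lambda: t[0])
    sid = store.create("operator")
    if keepalive_every:  # simulate a client that keeps the session active
        while t[0] + keepalive_every < hours * 3600:
            t[0] += keepalive_every
            store.validate(sid)
    t[0] = hours * 3600
    return store.validate(sid)
```

The absolute cap matters as much as the idle timeout: without it, a client that keeps polling holds the same identifier alive indefinitely.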
