Flag Forge Improper Session Handling Vulnerability Allowing Access After Logout
Vulnerability
A vulnerability exists in the Flag Forge Capture The Flag (CTF) platform, affecting versions from 2.2.0 up to, but not including, 2.3.1. The issue arises from improper session invalidation: a session token is not invalidated when the user logs out, so it continues to be accepted by protected endpoints such as /api/profile after logout. Additionally, the CSRF token issued for the session remains valid after logout, so a request carrying the old session and CSRF tokens can still perform state-changing actions.
Impact
This vulnerability can lead to unauthorized access to sensitive user data after logout, session hijacking if a session token is stolen (a captured token remains usable until it expires, regardless of whether the victim has logged out), and CSRF attacks against the logged-out session because the CSRF token is never rotated.
Remediation
Users should upgrade to Flag Forge version 2.3.1, which addresses this vulnerability by invalidating the session token server-side and rotating the CSRF token upon logout. As a temporary measure, manually clearing the __Secure-next-auth.session-token and __Host-next-auth.csrf-token cookies after logging out is recommended. Note that clearing cookies in the browser only stops that browser from reusing them; it does not revoke a token that has already been copied elsewhere, so the workaround does not remove the hijacking risk that only the server-side fix addresses.
