Open eClass Session Management Vulnerability Allowing Unauthorized Account Access

Vulnerability

Open eClass versions prior to 4.2 do not invalidate existing user sessions when a user changes their password. Because the application never terminates the account's other sessions, their session identifiers remain valid and whoever holds them is never required to re-authenticate with the new password. Any session established before the change, including one already in an attacker's hands (for example through a stolen session cookie or a device the user left logged in), therefore stays usable after the password update.

Impact

An attacker who already holds a valid session for an account keeps that access after the legitimate user changes the password, so a password change, the usual first response to a suspected account compromise, does not evict the attacker. Access persists for as long as the session itself remains valid (until it expires, is explicitly logged out, or the server-side session store is cleared), rather than ending when the credential is rotated.
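The following stand-alone Python example illustrates the failure mode described in the Vulnerability and Impact sections beside a hardened variant. It is an added illustration written for this page, not Open eClass code (Open eClass itself is a PHP application); the in-memory user and session stores, the field names, the `pw_version` binding and the `simulate` scenario are all constructed for the demonstration. With revocation disabled it reproduces the pre-4.2 behaviour: a session obtained before the password change keeps authenticating afterwards. With revocation enabled, the password change bumps a credential version, deletes every session of the user and re-issues a fresh identifier to the caller, so the stale session is rejected.

```python
"""Session handling around a password change: the reported failure mode beside
a hardened variant.  Stand-alone illustration, not Open eClass code; the store,
user records and field names are constructed for this example."""
import hashlib
import hmac
import secrets


class SessionAuth:
    """In-memory user and session store (constructed for this example)."""

    def __init__(self, revoke_on_password_change: bool):
        # False reproduces the pre-4.2 behaviour described in the advisory:
        # the password hash changes but every existing session stays valid.
        self.revoke_on_password_change = revoke_on_password_change
        self.users = {}     # username -> {"salt", "hash", "pw_version"}
        self.sessions = {}  # session id -> {"user", "pw_version"}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "hash": self._hash(password, salt), "pw_version": 0}

    def _check_password(self, username: str, password: str) -> bool:
        u = self.users.get(username)
        return u is not None and hmac.compare_digest(self._hash(password, u["salt"]), u["hash"])

    def _issue_session(self, username: str) -> str:
        # The session records the credential version it was minted under.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "pw_version": self.users[username]["pw_version"]}
        return sid

    def login(self, username: str, password: str):
        if not self._check_password(username, password):
            return None
        return self._issue_session(username)

    def authenticate(self, sid: str):
        """Return the username bound to sid, or None if the session is not valid."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        # Credential-version binding: a session minted before the most recent
        # password change carries an older version and is rejected even if it
        # somehow survived in the store (defence in depth beside explicit deletion).
        if s["pw_version"] != self.users[s["user"]]["pw_version"]:
            del self.sessions[sid]
            return None
        return s["user"]

    def change_password(self, sid: str, old_password: str, new_password: str) -> str:
        """Change the session owner's password; returns the session id to continue with."""
        username = self.authenticate(sid)
        if username is None or not self._check_password(username, old_password):
            raise PermissionError("re-authentication failed")
        u = self.users[username]
        u["salt"] = secrets.token_bytes(16)
        u["hash"] = self._hash(new_password, u["salt"])
        if not self.revoke_on_password_change:
            return sid  # vulnerable: every other session of this user keeps working
        # Hardened: bump the credential version, drop every session of this user
        # (the attacker's included) and re-issue a fresh id to the caller.
        u["pw_version"] += 1
        for stale in [k for k, v in self.sessions.items() if v["user"] == username]:
            del self.sessions[stale]
        return self._issue_session(username)


def simulate(revoke: bool):
    """Victim logs in, an attacker already holds a second session for the same
    account (e.g. a stolen cookie), then the victim changes the password.
    Returns (attacker_still_authenticated, victim_still_authenticated)."""
    auth = SessionAuth(revoke_on_password_change=revoke)
    auth.register("alice", "correct horse")
    attacker_sid = auth.login("alice", "correct horse")  # obtained before the change
    victim_sid = auth.login("alice", "correct horse")
    new_sid = auth.change_password(victim_sid, "correct horse", "battery staple")
    return auth.authenticate(attacker_sid) == "alice", auth.authenticate(new_sid) == "alice"


if __name__ == "__main__":
    print("vulnerable:", simulate(revoke=False))  # (True, True): attacker keeps access
    print("hardened:  ", simulate(revoke=True))   # (False, True): attacker evicted
```

Deleting the user's sessions is the essential fix; binding each session to a credential version is an extra safeguard for deployments where the session store cannot be enumerated by user, since a stale session then fails validation on its next request regardless of whether it was deleted.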

Remediation

Upgrade to Open eClass version 4.2 or later, which addresses this vulnerability. As a general precaution that is independent of the patch, sessions that were already active when the upgrade is applied are not retroactively terminated unless the server-side session store is cleared, so administrators should force a logout of existing sessions after upgrading, and users who suspect their account was accessed should change their password again once the fixed version is in place.

Added: Feb 3, 2026, 6:23 PM
Updated: Feb 3, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 5.0
exploitability: 4.4
remediation: 7.7
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

The rating algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.