CVE-2018-1127 is a vulnerability in Red Hat Gluster Storage
Published on September 11, 2018
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
Weakness Type
Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Products Associated with CVE-2018-1127
Want to know whenever a new CVE is published for Red Hat Gluster Storage? stack.watch will email you.
Affected Versions
Red Hat Gluster Storage Version 3.4.0 is affected by CVE-2018-1127Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.