Base · Incomplete

CWE-613: Insufficient Session Expiration

Category: auth

Description

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Common consequences · 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations · 1

  • [Implementation] Set sessions/credentials expiration date.

References

  1. https://cwe.mitre.org/data/definitions/613.html

Compliance frameworks addressing this (incoming) · 2

| Type | Target | Confidence | Tier |
|---|---|---|---|
| ComplianceControl | owasp_api_top10-api04 | 100% | live |
| ComplianceControl | owasp_top10-a07 | 100% | live |

(incoming) · 47

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-10223 | 0% | live |
| Vulnerability | CVE-2025-2185 | 0% | live |
| Vulnerability | CVE-2025-24859 | 0% | live |
| Vulnerability | CVE-2025-24896 | 0% | live |
| Vulnerability | CVE-2025-24973 | 0% | live |
| Vulnerability | CVE-2025-33005 | 0% | live |
| Vulnerability | CVE-2025-35433 | 0% | live |
| Vulnerability | CVE-2025-36376 | 0% | live |
| Vulnerability | CVE-2025-36377 | 0% | live |
| Vulnerability | CVE-2025-40566 | 0% | live |
| Vulnerability | CVE-2025-4528 | 0% | live |
| Vulnerability | CVE-2025-46815 | 0% | live |
| Vulnerability | CVE-2025-48929 | 0% | live |
| Vulnerability | CVE-2025-53826 | 0% | live |
| Vulnerability | CVE-2025-53896 | 0% | live |
| Vulnerability | CVE-2025-54592 | 0% | live |
| Vulnerability | CVE-2025-55162 | 0% | live |
| Vulnerability | CVE-2025-55278 | 0% | live |
| Vulnerability | CVE-2025-55705 | 0% | live |
| Vulnerability | CVE-2025-56643 | 0% | live |
| Vulnerability | CVE-2025-57735 | 0% | live |
| Vulnerability | CVE-2025-58437 | 0% | live |
| Vulnerability | CVE-2025-59786 | 0% | live |
| Vulnerability | CVE-2025-59841 | 0% | live |
| Vulnerability | CVE-2025-65883 | 0% | live |
| Vulnerability | CVE-2025-66289 | 0% | live |
| Vulnerability | CVE-2026-1435 | 0% | live |
| Vulnerability | CVE-2026-20748 | 0% | live |
| Vulnerability | CVE-2026-21622 | 0% | live |
| Vulnerability | CVE-2026-24912 | 0% | live |

Showing top 30 of 47 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Session Fixation
  • CWE: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
  • CWE: Improper Validation of Certificate Expiration
  • CWE: J2EE Misconfiguration: Insufficient Session-ID Length
  • CWE: Use of Web Browser Cache Containing Sensitive Information
  • CWE: Unprotected Transport of Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.