

Date: January 3, 2022


In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34 are vulnerable to Insufficient Session Expiration. An attacker who has obtained the admin's session token (via other, hypothetical attacks) can reuse it to gain admin privileges, because the token remains valid even after the admin has logged out.


Sessions in Talkyard are not terminated on the server side when the user logs out, so a copy of the admin's session cookies obtained through some other hypothetical attack remains valid and can be replayed.

PoC Details

As the victim admin, log in with your credentials and export (save) the session cookie values for later. Then log out of the application.
Now, as the attacker, import the admin's saved cookie values into the browser and refresh the page. You will notice that you are signed in as the admin.
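The mechanism behind the advisory (no server-side termination on logout) and the replay steps in the PoC can be shown in a small, self-contained model. The following is an added example written for this page, not Talkyard code: `SessionStore`, `logout_client_only` and `replay_after_logout` are constructed names, and the in-memory dictionary stands in for whatever session storage a real application uses. It contrasts a logout that only clears the browser cookie (the vulnerable pattern) with one that revokes the session server-side, and also checks that tokens die at their absolute expiry regardless of logout.

```python
import secrets
import time
from typing import Dict, Optional, Tuple


class SessionStore:
    """Minimal server-side session registry (constructed example, not Talkyard code)."""

    def __init__(self, ttl_seconds: int = 3600) -> None:
        self.ttl_seconds = ttl_seconds
        # token -> (username, absolute expiry timestamp)
        self._sessions: Dict[str, Tuple[str, float]] = {}

    def login(self, username: str, now: Optional[float] = None) -> str:
        """Issue a fresh random token bound to the user; this is the cookie value."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, now + self.ttl_seconds)
        return token

    def user_for(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Resolve a presented cookie to a user, or None if the token is unknown or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            self._sessions.pop(token, None)  # lazily purge expired sessions
            return None
        return username

    def logout_client_only(self, token: str) -> None:
        """Vulnerable pattern: the browser drops its cookie, but the server keeps the session."""
        # Nothing happens server-side, so a copied token stays valid until the TTL expires.
        return None

    def logout(self, token: str) -> None:
        """Fixed pattern: revoke the session server-side so the token cannot be replayed."""
        self._sessions.pop(token, None)


def replay_after_logout(server_side_revocation: bool) -> Optional[str]:
    """Model the PoC: copy the admin cookie, log the admin out, then present the copy again.

    Returns the user the server resolves the replayed cookie to (None means rejected).
    """
    store = SessionStore(ttl_seconds=3600)
    t0 = 1_000_000.0  # constructed fixed clock so the run is deterministic
    admin_cookie = store.login("admin", now=t0)
    saved_copy = admin_cookie  # the cookie value exported before logout (constructed)
    if server_side_revocation:
        store.logout(admin_cookie)
    else:
        store.logout_client_only(admin_cookie)
    # The saved cookie is imported and the page refreshed one minute later:
    return store.user_for(saved_copy, now=t0 + 60)


def expires_after_ttl() -> bool:
    """Independent of logout, a token must stop working at its absolute expiry."""
    store = SessionStore(ttl_seconds=10)
    token = store.login("alice", now=0.0)
    still_valid = store.user_for(token, now=9.0) == "alice"
    rejected = store.user_for(token, now=10.0) is None
    return still_valid and rejected


if __name__ == "__main__":
    print("client-only logout, replay resolves to:", replay_after_logout(False))  # admin
    print("server-side logout, replay resolves to:", replay_after_logout(True))   # None
    print("absolute expiry enforced:", expires_after_ttl())                       # True
```

The design point is that the server, not the browser, is the authority on whether a session exists: clearing a cookie is a courtesy to the client, while deleting the server-side record is what actually ends the session. An absolute TTL bounds the exposure window for any token that is never explicitly revoked, and on the detection side the same store gives you a natural place to log a token presented after its own revocation.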

Affected Environments

v0.2021.20 through v0.2021.34


Upgrade to version v0.2021.35


Good to know:


Insufficient Session Expiration


Upgrade Version

Upgrade to version tyse-v0.2021.35-33bd1b956-regular


CVSS v3 Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

CVSS v2 Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete