Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-08T02:55:43.923Z
Updated: 2024-08-02T21:16:43.623Z
Reserved: 2023-11-10T01:49:20.188Z
Link: CVE-2023-47798
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2024-02-08T03:15:07.367
Modified: 2024-02-08T03:29:33.180
Link: CVE-2023-47798
Redhat
No data.