Login Sign Up

CVE-2022-0991

7.1 HIGH
Authentication Bypass

📋 TL;DR

CVE-2022-0991 is an insufficient session expiration vulnerability in Admidio that allows attackers to maintain access to user sessions beyond intended logout times. This affects all Admidio installations prior to version 4.1.9. Attackers could potentially hijack sessions and gain unauthorized access to user accounts.

💻 Affected Systems

Products:
  • Admidio
Versions: All versions prior to 4.1.9
Operating Systems: All platforms running Admidio
Default Config Vulnerable: ⚠️ Yes
Notes: All Admidio installations using default session management are affected.

📦 What is this software?

Admidio by Admidio

View all CVEs affecting Admidio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could maintain persistent access to administrative accounts, leading to complete system compromise, data theft, or unauthorized administrative actions.

🟠

Likely Case

Session hijacking allowing unauthorized access to user accounts with varying privilege levels, potentially leading to data exposure or privilege escalation.

🟢

If Mitigated

Limited impact with proper session management controls, but still potential for unauthorized access if sessions are not properly invalidated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to session tokens/cookies, but the vulnerability makes session hijacking easier.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.9

Vendor Advisory: https://github.com/admidio/admidio/commit/e84e472ebe517e2ff5795c46dc10b5f49dc4d46a

Restart Required: Yes

Instructions:

1. Backup your Admidio installation and database. 2. Download Admidio 4.1.9 or later from the official repository. 3. Replace all files with the new version. 4. Run the update script if prompted. 5. Clear all existing sessions from the database.

🔧 Temporary Workarounds

Manual Session Cleanup

all

Regularly clear expired sessions from the database to reduce attack window

DELETE FROM adm_sessions WHERE ses_timestamp < UNIX_TIMESTAMP(DATE_SUB(NOW(), INTERVAL 1 HOUR))

🧯 If You Can't Patch

  • Implement additional session validation checks in application code
  • Use web application firewall rules to detect and block suspicious session activity

🔍 How to Verify

Check if Vulnerable:

Check Admidio version in admin panel or by examining the version.php file

Check Version:

grep -r 'ADMIDIO_VERSION' /path/to/admidio/version.php

Verify Fix Applied:

Verify version is 4.1.9 or later and test that sessions properly expire after logout

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful logins from same session ID
  • Session IDs with unusually long lifetimes
  • Failed logout attempts

Network Indicators:

  • Reuse of session tokens after logout events
  • Multiple IP addresses using same session ID

SIEM Query:

source="admidio_logs" AND (event="session_reuse" OR session_duration>3600)

📊 Metadata

CVE ID: CVE-2022-0991
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-613
Published: March 19, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-0991, you might also want to check these:

CVE-2024-8888 10.0

An attacker on the same network as a vulnerable CIRCUTOR Q-SMT device can steal authentication token...

Same vulnerability type (CWE-613)
CVE-2023-5865 9.8

This vulnerability in phpMyFAQ allows attackers to maintain access to user sessions beyond intended ...

Same vulnerability type (CWE-613)
CVE-2024-25718 9.8

This vulnerability in the Samly package for Elixir allows expired authentication sessions to remain ...

Same vulnerability type (CWE-613)