CVE-2026-24667
📋 TL;DR
Open eClass platform versions before 4.2 fail to invalidate active user sessions after password changes, allowing existing session tokens to remain valid. This enables attackers who have stolen session tokens to maintain unauthorized access even after victims change their passwords. All Open eClass installations prior to version 4.2 are affected.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers with stolen session tokens maintain persistent access to user accounts, potentially accessing sensitive course materials, student data, or administrative functions even after victims change passwords.
Likely Case
Attackers who previously compromised accounts through phishing or credential theft maintain access until sessions naturally expire, allowing continued unauthorized access to course content and user data.
If Mitigated
With proper session management and monitoring, impact is limited to the duration of stolen session validity, typically until natural expiration or manual session termination.
🎯 Exploit Status
Exploitation requires stolen session tokens but is trivial once tokens are obtained. No authentication bypass needed beyond initial token acquisition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-5h73-53mh-m224
Restart Required: Yes
Instructions:
1. Back up the current installation and database.
2. Download Open eClass version 4.2 from the official repository.
3. Follow the upgrade instructions in the documentation.
4. Restart the web server and application services.
5. Verify that a password change now invalidates the user's active sessions.
🔧 Temporary Workarounds
Manual Session Termination
Manually terminate all active sessions for the user after a password change, through the administrative interface or with a database query such as the one below (table and column names are illustrative; check them against your schema):
UPDATE sessions SET valid = 0 WHERE user_id = [USER_ID];
Session Timeout Reduction
Reduce the session timeout to narrow the window in which a stolen token stays usable.
Set session.gc_maxlifetime to a lower value in the PHP configuration. Note that gc_maxlifetime only marks idle session data as eligible for garbage collection, which PHP runs probabilistically (session.gc_probability / session.gc_divisor), so also enforce the idle limit in the application rather than relying on this setting alone.
🧯 If You Can't Patch
- Implement mandatory session termination after password changes through custom code modifications.
- Deploy web application firewall rules to detect and block suspicious session reuse patterns.
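The workaround of mandatory session termination after a password change, and the "change the password while another session is live" test in the verification section of this page, come down to one mechanism. The Python below is an added, constructed example and not Open eClass code (the project itself is PHP): it keeps a users and a sessions table in memory and runs that test against a store that only rewrites the password hash (the pre-4.2 behaviour this page describes) and against a hardened store that also bumps a per-user password generation, drops every session of that user and re-issues the one the change was made from. The names SessionStore, password_generation, demo and the sample user are this example's own.

```python
"""Session handling after a password change: the pre-4.2 behaviour beside a
hardened store. Constructed example; the in-memory dicts stand in for the
application's users and sessions tables. Not Open eClass code."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 with a per-user salt; the hash scheme is incidental here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    user_id: int
    salt: bytes
    password_hash: bytes
    # Bumped on every password change. Each session records the generation it
    # was issued under, so a stale session is rejected on its next request even
    # if the bulk deletion below missed it (second app node, replica lag, ...).
    password_generation: int = 0


@dataclass
class Session:
    token: str
    user_id: int
    issued_generation: int
    last_seen: float


class SessionStore:
    def __init__(self, invalidate_on_password_change: bool, max_idle_seconds: int = 1800):
        self.users: Dict[int, User] = {}
        self.sessions: Dict[str, Session] = {}
        self.invalidate_on_password_change = invalidate_on_password_change
        self.max_idle_seconds = max_idle_seconds

    def create_user(self, user_id: int, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = User(user_id, salt, hash_password(password, salt))

    def _password_ok(self, user: User, password: str) -> bool:
        return hmac.compare_digest(user.password_hash, hash_password(password, user.salt))

    def _issue(self, user: User, now: float) -> str:
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(token, user.user_id, user.password_generation, now)
        return token

    def login(self, user_id: int, password: str, now: float) -> Optional[str]:
        user = self.users.get(user_id)
        if user is None or not self._password_ok(user, password):
            return None
        return self._issue(user, now)

    def is_valid(self, token: str, now: float) -> bool:
        """Per-request check: unknown, idle-expired or stale-generation sessions fail."""
        session = self.sessions.get(token)
        if session is None:
            return False
        user = self.users[session.user_id]
        stale = self.invalidate_on_password_change and session.issued_generation != user.password_generation
        if stale or now - session.last_seen > self.max_idle_seconds:
            del self.sessions[token]
            return False
        session.last_seen = now
        return True

    def change_password(self, token: str, old_pw: str, new_pw: str, now: float) -> Optional[str]:
        """Returns the token the caller should keep using, or None if the change failed."""
        if not self.is_valid(token, now):
            return None
        user = self.users[self.sessions[token].user_id]
        if not self._password_ok(user, old_pw):
            return None
        user.salt = secrets.token_bytes(16)
        user.password_hash = hash_password(new_pw, user.salt)
        if not self.invalidate_on_password_change:
            return token  # pre-4.2 behaviour: every other live session survives the change
        user.password_generation += 1
        for tok in [t for t, s in self.sessions.items() if s.user_id == user.user_id]:
            del self.sessions[tok]  # terminate all of the user's sessions, this one included
        return self._issue(user, now)  # re-issue the session the change was made from


def demo(invalidate_on_password_change: bool) -> Dict[str, bool]:
    """Run the 'change the password while another session is live' test."""
    now = time.time()
    store = SessionStore(invalidate_on_password_change)
    store.create_user(7, "old-pass")  # constructed user
    own = store.login(7, "old-pass", now)
    other = store.login(7, "old-pass", now)  # second live session; stands in for a stolen token
    kept = store.change_password(own, "old-pass", "new-pass", now + 60)
    return {
        "other_session_valid_after_change": store.is_valid(other, now + 120),
        "own_session_valid_after_change": store.is_valid(kept, now + 120),
        "old_password_still_accepted": store.login(7, "old-pass", now + 120) is not None,
    }


if __name__ == "__main__":
    print("pre-4.2 behaviour:", demo(False))
    print("hardened:", demo(True))
```

The generation check in is_valid is the part worth carrying into real code: deleting rows is the visible part of the fix, but comparing the session's generation with the user's on every request means a missed deletion still fails closed.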
🔍 How to Verify
Check if Vulnerable:
Check whether the installed version is below 4.2. To test the behaviour directly, log in twice (for example from two browsers), change the password from one session, then check whether the other session still works: if it does, the system is vulnerable.
Check Version:
Check the version.php file or the administrative dashboard for version information.
Verify Fix Applied:
After upgrading to 4.2, repeat the password change test: all active sessions for that user should be invalidated immediately.
📡 Detection & Monitoring
Log Indicators:
- Continued successful activity from the same session ID after a password change event
- Session reuse from different IP addresses after a password reset
Network Indicators:
- Unusual session duration patterns
- Session tokens used from unexpected geographic locations
SIEM Query:
session_id AND password_change AND NOT session_invalidation
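The log indicators and the SIEM query above describe one condition: a session created before a user's password change that is still in use after it. The script below is an added, constructed example, not Open eClass code or its real log format; the line format, the event names (login, password_change, request), the session IDs and the addresses are all assumptions of this example. It parses such lines and emits one alert per stale session, and flags a stale session seen from more than one address after the change, which covers the second log indicator.

```python
"""Log review for the indicators on this page: a session issued before a
password change that keeps sending requests afterwards, and such a session
seen from more than one IP. Constructed example; the log format below is an
assumption, not Open eClass's real log format."""
import re
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample log. S2 is alice's second session, issued before her
# password change at 09:30 and still active (from two IPs) afterwards.
SAMPLE_LOG = """\
2026-01-10T09:00:00Z event=login user=alice sid=S1 ip=203.0.113.5
2026-01-10T09:05:00Z event=request user=alice sid=S1 ip=203.0.113.5
2026-01-10T09:10:00Z event=login user=alice sid=S2 ip=198.51.100.9
2026-01-10T09:30:00Z event=password_change user=alice sid=S1 ip=203.0.113.5
2026-01-10T09:45:00Z event=request user=alice sid=S2 ip=198.51.100.9
2026-01-10T10:00:00Z event=request user=alice sid=S2 ip=192.0.2.77
2026-01-10T10:15:00Z event=request user=alice sid=S1 ip=203.0.113.5
2026-01-10T11:00:00Z event=login user=bob sid=S3 ip=203.0.113.40
2026-01-10T11:30:00Z event=password_change user=bob sid=S3 ip=203.0.113.40
2026-01-10T11:45:00Z event=request user=bob sid=S3 ip=203.0.113.40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\w+) user=(?P<user>\w+) sid=(?P<sid>\w+) ip=(?P<ip>[\d.]+)$"
)


def parse(text: str) -> List[dict]:
    """Parse the constructed format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole review
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return sorted(events, key=lambda ev: ev["ts"])


def detect_stale_sessions(events: List[dict]) -> List[dict]:
    """One alert per session that was issued before its user's most recent
    password change and still made requests after it. The session the change
    was made from is excluded, since on an unpatched system it is the user's own."""
    issued_at: Dict[str, datetime] = {}   # sid -> login time
    changed: Dict[str, tuple] = {}        # user -> (change time, sid that made the change)
    alerts: Dict[str, dict] = {}
    for e in events:
        if e["event"] == "login":
            issued_at[e["sid"]] = e["ts"]
        elif e["event"] == "password_change":
            changed[e["user"]] = (e["ts"], e["sid"])
        elif e["event"] == "request" and e["user"] in changed:
            change_ts, change_sid = changed[e["user"]]
            issued = issued_at.get(e["sid"])
            # A login after the change used the new password: fine. A session
            # with no login on record is out of scope for this check.
            if issued is None or issued >= change_ts or e["sid"] == change_sid:
                continue
            a = alerts.setdefault(e["sid"], {
                "user": e["user"], "sid": e["sid"],
                "password_changed_at": change_ts.isoformat(),
                "requests_after_change": 0, "ips_after_change": set(),
            })
            a["requests_after_change"] += 1
            a["ips_after_change"].add(e["ip"])
    result = []
    for a in alerts.values():
        a["ips_after_change"] = sorted(a["ips_after_change"])
        a["multiple_ips"] = len(a["ips_after_change"]) > 1  # second log indicator
        result.append(a)
    return result


if __name__ == "__main__":
    for alert in detect_stale_sessions(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample data this yields a single alert for alice's session S2, with two requests after the change from two different addresses; S1 (which made the change) and bob's S3 are not reported. Against real logs the same correlation needs a login event that records the session ID, since without the issue time a session cannot be placed before or after the change.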