Describe the bug
Time-of-check, time-of-use race conditions occur when a resource is checked for a particular value, that value is changed, then the resource is used, based on the assumption that the value is still the same as it was at check time.
To Reproduce
The session stays active for an authenticated user even after that user is deleted from the users table, leading to a Time-of-check Time-of-use (TOCTOU) race condition.
This can allow a non-existing user to access & modify accessible records (Add/delete Monitors, Users, etc.).
Affected URL:
http://localhost/zm/index.php (Privileged access)
An attacker can gain access to otherwise unauthorized resources and modify, delete or update application data.
Expected behavior
Debug Logs
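The condition reported above, shown as an added example that is not ZoneMinder code and not part of the original report: a check that trusts the session alone, next to one that re-reads the account on every request. The `users` table, its columns and both function names are hypothetical, and the script assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Added illustration, not ZoneMinder code. Table, column and function
// names are hypothetical; the user store is an in-memory SQLite database.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, enabled INTEGER)');
$db->exec("INSERT INTO users (id, name, enabled) VALUES (1, 'operator', 1)");

// Constructed session contents, as they would look after a successful login.
$session = ['user_id' => 1, 'name' => 'operator'];

// Pattern described in the report: the account is checked once at login,
// and later requests trust whatever the session still holds.
function isAuthorizedStale(array $session): bool
{
    return isset($session['user_id']);
}

// Hardened pattern: every request re-reads the account row, and the session
// is emptied as soon as the row is missing or disabled.
function isAuthorizedFresh(PDO $db, array &$session): bool
{
    if (!isset($session['user_id'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT enabled FROM users WHERE id = :id');
    $stmt->execute([':id' => $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['enabled'] !== 1) {
        $session = []; // in a real handler: session_unset(); session_destroy();
        return false;
    }
    return true;
}

function report(string $label, bool $stale, bool $fresh): void
{
    printf("%-14s stale=%s fresh=%s\n", $label, var_export($stale, true), var_export($fresh, true));
}

report('before delete', isAuthorizedStale($session), isAuthorizedFresh($db, $session));

// An administrator deletes the account while the session is still open.
$db->exec('DELETE FROM users WHERE id = 1');

report('after delete', isAuthorizedStale($session), isAuthorizedFresh($db, $session));
```

The per-request lookup shortens the gap between check and use to a single request; invalidating the user's stored sessions as part of the delete operation removes the stale session itself.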