CVE-2021-25966

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

En la aplicación "Orchard core CMS", versiones 1.0.0-beta1-3383 a 1.0.0, son vulnerables a una terminación de sesión inapropiada tras el cambio de contraseña. Cuando una contraseña ha sido cambiada por el usuario o por un administrador, un usuario que ya había iniciado sesión, seguirá teniendo acceso a la aplicación incluso después de haber cambiado la contraseña