Insufficient Logout Visibility
Variants:
Direct
Vector Type:
Vulnerability
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Session Management, Logout, Secure Design
Invented In:
24/12/2014
Added In:
24/12/2014
Vector Operation Method:
The logout feature is hard to locate, indentify or perform, encouraging users to stay logged in, and increasing the risk of identity theft.
