Title: Improper Session Cleanup on Role Removal in Web Admin Panel
Date: 2024-10-12
Product Affected: C-Werk, all versions before 2.0.3
Fixed: C-Werk 2.0.3
1. Description
When a user’s role is removed while they are still logged into the Web UI, their current session remains valid, allowing continued access until the session naturally expires. This creates a short-lived window where removed privileges are still active.
2. Solutions and mitigations
The Web UI now forces immediate logout when user-role changes occur. Admins are notified of all forced logouts via system log.
Upgrade to version 2.0.3 or later. For earlier versions, administrators are advised to manually log out affected users when changing access rights.
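The following is an added illustration of the flaw and the fix described above; it is not C-Werk code. The `SessionStore` class, the logger name and the sample user are assumptions made for the example, which models a session that snapshots roles at login and compares behaviour with and without revocation on role change.

```python
import logging
import secrets

log = logging.getLogger("webui.sessions")  # hypothetical logger name


class SessionStore:
    """In-memory session table keyed by token (constructed for illustration)."""

    def __init__(self, revoke_on_role_change):
        self.revoke_on_role_change = revoke_on_role_change
        self.roles = {}      # username -> set of role names
        self.sessions = {}   # token -> {"user": ..., "roles": snapshot at login}

    def login(self, user):
        token = secrets.token_urlsafe(16)
        # Roles are snapshotted at login; a stale snapshot outlives a role removal.
        self.sessions[token] = {"user": user, "roles": set(self.roles.get(user, ()))}
        return token

    def remove_role(self, user, role):
        self.roles.get(user, set()).discard(role)
        if not self.revoke_on_role_change:
            return []  # flawed behaviour: live sessions keep the old snapshot
        revoked = [t for t, s in self.sessions.items() if s["user"] == user]
        for token in revoked:
            del self.sessions[token]
            # Record the forced logout so administrators can see it in the log.
            log.warning("forced logout: user=%s reason=role_removed role=%s", user, role)
        return revoked

    def is_allowed(self, token, role):
        session = self.sessions.get(token)
        return session is not None and role in session["roles"]


def demo(revoke_on_role_change):
    """Return True if an existing session still holds 'admin' after the role is removed."""
    store = SessionStore(revoke_on_role_change)
    store.roles["operator1"] = {"admin", "viewer"}   # constructed sample user
    token = store.login("operator1")
    store.remove_role("operator1", "admin")
    return store.is_allowed(token, "admin")
```
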