Skip to main content

Force re-authentication

Summary​

The system must force users to re-authenticate or invalidate their session if the state of their account changes (e.g., password change/recovery, lockouts, user deletion, etc.).

Description​

When important changes occur, such as a password change, account recovery, lockout, or user deletion, there is a potential risk of unauthorized access if an existing session remains active. Forcing re-authentication ensures that only the legitimate account owner can continue with granted access to the account.

Supported In​

This requirement is verified in following services

PlanSupported
Essential🔴
Advanced🟢

References​

Vulnerabilities​

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.