CWE-324 · Use of a Key Past its Expiration Date
17 CVEs classified under CWE-324 (Use of a Key Past its Expiration Date).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-35401 | Critical | 9.0 | 2023-01-10 | An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP re… |
| CVE-2025-31123 | High | 8.7 | 2025-03-31 | Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails… |
| CVE-2021-33020 | High | 8.2 | 2022-04-01 | Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increa… |
| CVE-2025-2291 | High | 8.1 | 2025-04-16 | Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with… |
| CVE-2025-33012 | Medium | 6.3 | 2025-11-07 | IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain… |
| CVE-2025-48813 | Medium | 6.3 | 2025-10-14 | Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally. |
| CVE-2022-24732 | Medium | 6.3 | 2022-03-09 | Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking… |
| CVE-2019-3790 | Medium | 6.1 | 2019-06-06 | The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, con… |
| CVE-2025-13723 | Medium | 5.3 | 2026-03-13 | IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using… |
| CVE-2024-7318 | Medium | 4.8 | 2024-09-09 | A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead… |
| CVE-2024-6299 | Medium | 4.8 | 2024-06-25 | Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the r… |
| CVE-2024-31894 | Medium | 4.3 | 2024-05-22 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IB… |
| CVE-2024-31895 | Medium | 4.3 | 2024-05-22 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IB… |
| CVE-2024-31893 | Medium | 4.3 | 2024-05-22 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token… |
| CVE-2023-5342 | Medium | 4.1 | 2025-08-15 | The Fedora Secure Boot CA certificate shipped with shim in Fedora was expired which could lead to old or invalid signed boot components being loaded. |
| CVE-2024-38277 | | | 2024-06-18 | A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. |
| CVE-2022-2447 | | | 2022-09-01 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from… |