1. Refresh Token Rotation Gap Allows Session Hijacking via Replay Attack
A critical authentication vulnerability has been identified in the refresh token implementation. The system's token rotation mechanism fails to detect when a refresh token has already been reused, creating a window where a stolen token could be weaponized to maintain unauthorized access to a legitimate user's session. ...