CISSP All Domains Practice test 8

A2 Broken Authentication and Session Management. Sessions do not expire or they take too long to expire. Session IDs are predictable. 001, 002, 003, 004, etc. Tokens, Session ID's, Passwords, etc. are kept in plaintext.