Submit #811287: litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)info

Titlelitellm <= 1.82.2 Insufficient Session Expiration (CWE-613)
Description# Technical Details An Insecure Session Management vulnerability exists in the `get_redirect_response_from_openid` method in `litellm/proxy/management_endpoints/ui_sso.py` of litellm. The application fails to track, expire, or invalidate active state sessions upon the successful issuance of a new SSO authorization request, establishing a parallel accumulation of multiple perpetual proxy tokens for the same user. # Vulnerable Code File: `litellm/proxy/management_endpoints/ui_sso.py` Method: `get_redirect_response_from_openid` Why: A new entry is appended to `LiteLLM_VerificationToken` every time `generate_key_helper_fn` resolves during a successful callback. However, no matching database call is implemented to delete or flag older row entries for the active `user_id`. Each generated session persists completely orphaned until manual time-based 24h expiration completes. # Reproduction 1. Execute a generalized SSO Login for `[email protected]` routing through the proxy system (`/sso/key/generate`). Record Login 1's backend `token` (e.g. `sk-TokenBaseA...`). 2. Repeat the process generating a concurrent Login 2 containing `sk-TokenBaseB...`. 3. Use `sk-TokenBaseA...` against any target Management component and observe complete 200 HTTP Success authentication responses despite the later active window. # Impact - Token Accumulation creating unnecessary processing volume limitations. - Persistent unauthorized administrative access whereby clearing cookies or forcing re-auth accomplishes absolutely nothing to mitigate previously compromised backend token materials.
Source⚠️ https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697
User
 Eric-c (UID 96848)
Submission04/23/2026 10:08 (2 months ago)
Moderation06/20/2026 19:12 (2 months later)
StatusAccepted
VulDB entry372558 [BerriAI litellm up to 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!