


Perceptive Security
SOC/SIEM Consultancy

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifie…
Published:
5 March 2026 at 23:00:00
Alert date:
6 March 2026 at 01:01:36
Source:
nvd.nist.gov
Critical Infrastructure, Web Technologies, Mobile & IoT
A vulnerability in WebSocket backend implementation for charging stations allows session hijacking through predictable session identifiers. Multiple endpoints can connect using the same session identifier, enabling attackers to displace legitimate charging stations and intercept backend commands. The flaw permits unauthorized authentication as other users and potential denial-of-service attacks by overwhelming the backend with valid session requests. The vulnerability affects the session management system that uses charging station identifiers for unique session association.
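The condition described above, one station identifier held by more than one endpoint at the same time, can be watched for in backend connection logs. The following is an added example, not code from the advisory or the vendor; the log format, the function names, the station identifiers and the addresses are all constructed for illustration.

```python
"""Flag concurrent sessions that share one charging station identifier."""
from collections import defaultdict
from typing import NamedTuple

# Constructed sample log (assumed format): timestamp, event, station id, peer.
SAMPLE_LOG = """\
2026-03-01T10:00:00Z CONNECT CS-0001 198.51.100.10:40112
2026-03-01T10:00:05Z CONNECT CS-0002 198.51.100.11:51820
2026-03-01T10:02:00Z CONNECT CS-0003 192.0.2.5:41000
2026-03-01T10:03:00Z CONNECT CS-0003 192.0.2.5:41001
2026-03-01T10:04:30Z CONNECT CS-0001 203.0.113.77:33444
2026-03-01T10:05:00Z DISCONNECT CS-0002 198.51.100.11:51820
2026-03-01T10:06:00Z CONNECT CS-0002 198.51.100.50:51901
"""

class Alert(NamedTuple):
    time: str
    station_id: str
    active_peers: tuple   # peers already holding a session for this id
    new_peer: str         # peer that just connected with the same id

def host(peer: str) -> str:
    """Strip the port so a same-host reconnect is not treated as a second endpoint."""
    return peer.rsplit(":", 1)[0]

def find_shared_identifiers(log_text: str) -> list:
    active = defaultdict(set)  # station id -> peers with an open session
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        ts, event, station, peer = parts
        if event == "CONNECT":
            others = sorted(p for p in active[station] if host(p) != host(peer))
            if others:  # same identifier, different endpoint, session still open
                alerts.append(Alert(ts, station, tuple(others), peer))
            active[station].add(peer)
        elif event == "DISCONNECT":
            active[station].discard(peer)
    return alerts

if __name__ == "__main__":
    for a in find_shared_identifiers(SAMPLE_LOG):
        print(f"{a.time} {a.station_id}: {a.new_peer} joined while {a.active_peers} active")
```

Only CS-0001 is flagged in the sample: CS-0003 reconnects from the same host, and CS-0002 closes its first session before the second one opens.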
Technical details
Affected products:
WebSocket backend
Charging station systems
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-24912
https://epower.ie/support/
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-062-07.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-07
This article was created with the assistance of AI technology by Perceptive.
