The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifie…

A vulnerability in WebSocket backend implementation allows session hijacking through predictable charging station identifiers. Multiple endpoints can connect using the same session identifier, enabling attackers to displace legitimate charging stations and intercept backend commands. This flaw permits unauthorized authentication and potential denial-of-service attacks by overwhelming the backend with valid session requests. The vulnerability affects charging station communication systems and poses significant security risks to infrastructure operations.