There is no sessions time out for inactive users
Impact area
Security
Severity
Medium
Affected element
Org Config
Rule ID
SF-0167
Impact
Increased vulnerability to session hijack attacks.
Remediation
Set a timeout value. From Setup, enter "Session Settings" in the Quick Find box, then select Session Settings. Then enable "Timeout Value".
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-613 Insufficient Session Expiration.