Local machine/access vuln has been found in 3scale API Management where a users authentication tokens can be accessed after they have logged out, but only under very specific circumstances https://issues.redhat.com/browse/THREESCALE-10076