Hi,
It has been identified that the forms do not have mechanisms to
prevent CSRF attacks. Because of this, a malicious user can force the browser of
a victim user to generate and send requests that the application interprets as legitimate
requests from the victim. A successful CSRF attack can compromise the data of an
end user and, through this, submit "valid" requests that modify the
behavior of the application in favor of the attacker.
We have the latest version of Crowd, 4.1.0, dockerized with a MySQL database.
Thank you.
Regards
Right. So have you reported this? Is it possibly fixed in a later version?
It has not been fixed in the latest version; we have reported it.
Yes, and also in the RelayState parameter, they are lacking the business logic of the anti-CSRF.
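As an added illustration of the two gaps discussed in this thread (form posts without an anti-CSRF token, and a SAML RelayState that is not bound to the user's session), here is a minimal server-side implementation of both checks. This is example code written for this reply, not Crowd's or Atlassian's code, and it makes no claim about how Crowd handles either parameter internally. The function names, the in-memory state table, the session ids and the form dictionaries are assumptions constructed for the example; a real application would use its framework's session and request objects.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed key for this example; a real deployment loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)


def _mac(*parts: str) -> str:
    """HMAC-SHA256 over NUL-joined parts, hex encoded."""
    return hmac.new(SERVER_KEY, "\x00".join(parts).encode(), hashlib.sha256).hexdigest()


# --- Synchronizer token for HTML forms -------------------------------------

def issue_csrf_token(session_id: str) -> str:
    """Fresh nonce plus an HMAC binding it to this session; embed it in the form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac('csrf', session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac, _mac("csrf", session_id, nonce))


def handle_form_post(session_id: str, form: Dict[str, str]) -> Tuple[int, str]:
    """session_id comes from a cookie, which the browser attaches to a cross-site
    POST automatically; the token must come from the form body, which the
    attacker's page cannot read, so a forged request is rejected."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "updated"


# --- SAML RelayState bound to the session ----------------------------------

# Server-side state keyed by an opaque nonce (hypothetical in-memory store;
# use the session store or a cache in production).
_RELAY: Dict[str, Tuple[str, str, float]] = {}
RELAY_TTL_SECONDS = 300.0


def issue_relay_state(session_id: str, return_to: str) -> str:
    """Emit an opaque, single-use RelayState when building the AuthnRequest.
    Only a local path is accepted as the post-login destination."""
    if not return_to.startswith("/") or return_to.startswith("//"):
        raise ValueError("return_to must be a local path")
    nonce = secrets.token_urlsafe(24)  # 32 chars, within SAML's 80-byte RelayState limit
    _RELAY[nonce] = (session_id, return_to, time.time() + RELAY_TTL_SECONDS)
    return nonce


def consume_relay_state(session_id: str, relay_state: str) -> Optional[str]:
    """At the ACS endpoint: accept the RelayState only once, only for the session
    that created it, and only before it expires. Returns the local redirect
    target, or None if the value is unknown, foreign, replayed or stale."""
    entry = _RELAY.pop(relay_state, None)  # pop makes the value single-use
    if entry is None:
        return None
    owner, return_to, expires = entry
    if not hmac.compare_digest(owner, session_id) or time.time() > expires:
        return None
    return return_to
```

The RelayState check stores state server-side and returns only a nonce, rather than signing the destination into the parameter, because the SAML binding limits RelayState to 80 bytes; the nonce is consumed on first use so a captured value cannot be replayed against another session.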