X/Csrf token problem
Unknown
Vulnerability Details
I found that you are using an X/Csrf token as protection against CSRF attacks.
But you are using the same X/Csrf token in and out.
e.g.
z3qrwilV8lz7CXsMhmvqxn+93GDZm/m9w/d5DZjoj8w=
This token is the same before and after log-in.
This must be patched as it may result in session hacks.
Report Stats
- Report ID: 13639
- State: Closed
- Substate: resolved
- Upvotes: 2
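
The condition the report describes, written as a regression check. This is an added example, not code from the report or from the affected application; `SessionStore`, its methods and the user name are hypothetical. It models a server-side session table and tests whether a CSRF token issued before login is still accepted once the session is authenticated.

```python
import hmac
import secrets


class SessionStore:
    """In-memory session table: session id -> {"user", "csrf"} (constructed model)."""

    def __init__(self, rotate_on_login=True):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        return self.sessions[sid]["csrf"]

    def login(self, sid, user):
        if not self.rotate_on_login:
            # Behaviour the report describes: same session, same token.
            self.sessions[sid]["user"] = user
            return sid
        # Hardened: drop the pre-login session, issue a fresh id and token.
        del self.sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return new_sid

    def check(self, sid, presented):
        """Validate the token sent with a state-changing request."""
        session = self.sessions.get(sid)
        if session is None or not isinstance(presented, str):
            return False
        # Constant-time comparison of stored and presented token.
        return hmac.compare_digest(session["csrf"].encode(), presented.encode())


def token_survives_login(store):
    """Regression check: True means the pre-login token is still accepted."""
    sid = store.new_anonymous()
    before = store.csrf_token(sid)
    sid_after = store.login(sid, "alice")  # constructed user name
    return store.check(sid_after, before)
```

The same check can run against a real application in an integration test: record the token served to an anonymous client, authenticate, and assert that the recorded value is rejected.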