XSRF token problem
Unknown
Vulnerability Details
Your web application generates XSRF token values inside cookies, which is not a best practice for web applications, as revelation of cookies can reveal XSRF tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only.
Report Stats
- Report ID: 2427
- State: Closed
- Substate: resolved
- Upvotes: 1
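
The arrangement the report recommends, sketched as an added example (not code from the report or from the affected application): the token is derived from the session, handed to the page outside of any cookie, and demanded only on state-changing requests. The `CsrfGuard` class, the `authorize` helper, the `session` cookie name and the `X-CSRF-Token` header are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Read-only methods; only requests outside this set must carry a token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class CsrfGuard:
    """Issues and checks anti-CSRF tokens bound to one session (hypothetical helper)."""

    def __init__(self, server_key: bytes):
        self._key = server_key  # stays on the server, never sent to the client

    def _mac(self, session_id: str, nonce: str) -> str:
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id: str) -> str:
        # Returned in the HTML form or JSON body, not via Set-Cookie.
        nonce = secrets.token_hex(16)
        return f"{nonce}.{self._mac(session_id, nonce)}"

    def verify(self, session_id: str, token) -> bool:
        if not isinstance(token, str) or token.count(".") != 1:
            return False
        nonce, mac = token.split(".")
        expected = self._mac(session_id, nonce)
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        return hmac.compare_digest(mac.encode(), expected.encode())


def authorize(guard: CsrfGuard, request: dict) -> bool:
    """request is a constructed dict with 'method', 'cookies' and 'headers'."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return False
    if request["method"].upper() in SAFE_METHODS:
        return True  # no token needed for read-only requests
    # The token is read from a request header only; any copy of it
    # sitting in the cookie jar is ignored.
    return guard.verify(session_id, request["headers"].get("X-CSRF-Token"))
```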