CSRF token did not change after login/logout many times
## Vulnerability Details
Hello team,
Your CSRF token did not expire, and after logging in and out many times, I found that your CSRF token is generated the same as the last one.
## Impact
If an attacker found an XSS on your domain and you fixed it, but the attacker still has the user's CSRF token, the attacker can use it to perform any action.
## Report Stats
- Report ID: 361131
- State: Closed
- Substate: informative
- Upvotes: 8
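
The server-side behaviour whose absence the report describes, as an added example that is not code from the report or from the affected site: a CSRF token bound to the session and regenerated on every login and logout, so a token copied during an earlier session no longer validates. `SessionStore`, its method names and the user `alice` are hypothetical and constructed for illustration.

```python
import hmac
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session store (hypothetical)."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user": ..., "csrf": ...}

    def _new_session(self, user):
        sid = secrets.token_urlsafe(32)
        # Fresh random CSRF token per session, never derived from the user id.
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def start_anonymous(self):
        return self._new_session(None)

    def login(self, old_sid, user):
        # Drop the pre-login session so its id and CSRF token both die here.
        self._sessions.pop(old_sid, None)
        return self._new_session(user)

    def logout(self, sid):
        # Invalidate server-side; a copied token has nothing left to match.
        self._sessions.pop(sid, None)
        return self._new_session(None)

    def csrf_token(self, sid):
        return self._sessions[sid]["csrf"]

    def check_csrf(self, sid, submitted):
        session = self._sessions.get(sid)
        if session is None or not isinstance(submitted, str):
            return False
        # Constant-time comparison of the stored and submitted tokens.
        return hmac.compare_digest(session["csrf"].encode(), submitted.encode())


def demo():
    store = SessionStore()
    sid1 = store.login(store.start_anonymous(), "alice")  # constructed user
    copied = store.csrf_token(sid1)  # token obtained during the first session
    sid2 = store.login(store.logout(sid1), "alice")  # log out, log in again
    return {
        "rotated": store.csrf_token(sid2) != copied,
        "old_token_on_new_session": store.check_csrf(sid2, copied),
        "old_session_still_valid": store.check_csrf(sid1, copied),
        "current_token_ok": store.check_csrf(sid2, store.csrf_token(sid2)),
    }
```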