Impact
CSRF token validation in the iTop portal can be bypassed through a tricky browser procedure.
Patches
Fixed in 2.7.4 and 3.0.0
References
Combodo ref N°3430
Credits
Many thanks to Mushrraf Baig Ashraf / https://sourceforge.net/u/mushrraf/profile/ for this report!
For more information
If you have any questions or comments about this advisory:
Email us at itop-security@combodo.com