VULN: GET /login?include_auth_token returns an auth token - without CSRF check. #421
jwag956 added a commit that referenced this issue Jan 2, 2021
…ion token with no CSRF checks. GETs no longer return the auth token. closes: #421
jwag956 added a commit that referenced this issue Jan 5, 2021
jwag956 added a commit that referenced this issue Jan 5, 2021
When can we expect a release for this issue?
3.4.5 is working its way through travis now - travis has been extremely slow - but I hope to get it out by tonight.
How could a CSRF attack read this token?
As title says - not good...