Opened 10 years ago

Closed 10 years ago

#24587 closed Bug (invalid)

predictable CSRF functionality

Reported by: Manish Bhattacharya Owned by: nobody
Component: CSRF Version: 1.7
Severity: Normal Keywords: CSRF
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Bug is reported at https://hackerone.com/reports/55032 as part of internet bug bounty. Have a look.

Thanks
Manish

Change History (1)

comment:1 by Florian Apolloner, 10 years ago

Resolution: invalid
Status: newclosed

As said on twitter and hackerone: Using Firebug to change your CSRF token and cookie is not a security issue.

Note: See TracTickets for help on using tickets.
Back to Top