CI CSRF Protection bypass

#1
While I was trying to tighten the security of a project of mine that uses CI, I figured that the CI CSRF protection is insecurely implemented and can be easily bypassed. I found that there is more than one issue associated with the way the default CI CSRF protection is implemented.

Since CSRF is a critical issue and my assumption is that there are a huge number of application deployments with the default CI CSRF protection, I don't want to share the detailed report in the forum.

Looking for the CI contact for reporting security bugs, or an email from the CI contact to my email ID would do.


Messages In This Thread
CI CSRF Protection bypass - by nopsled - 11-12-2014, 02:34 PM
RE: CI CSRF Protection bypass - by ciadmin - 11-12-2014, 02:39 PM
RE: CI CSRF Protection bypass - by Chroma - 11-14-2014, 09:29 AM
RE: CI CSRF Protection bypass - by nopsled - 11-14-2014, 12:00 PM
RE: CI CSRF Protection bypass - by Chroma - 11-14-2014, 12:00 PM
RE: CI CSRF Protection bypass - by Narf - 11-17-2014, 04:44 AM
RE: CI CSRF Protection bypass - by Rufnex - 11-17-2014, 07:14 AM
