CI CSRF Protection bypass
#3

(11-12-2014, 02:34 PM)nopsled Wrote: While I was trying to tighten the security of a project of mine that uses CI, I figured that the CI CSRF protection is insecurely implemented and can be easily bypassed. I found that there is more than one issue associated with the way the default CI CSRF protection is implemented.

Since CSRF is a critical issue and my assumption is there are a huge number of application deployments with default CI CSRF protection, I don't want to share the detailed report in the forum.

Looking for the CI contact for reporting security bugs or an email from the CI contact to my email ID would do.

Very sensible.

What version of CI are you using?


Messages In This Thread
CI CSRF Protection bypass - by nopsled - 11-12-2014, 02:34 PM
RE: CI CSRF Protection bypass - by ciadmin - 11-12-2014, 02:39 PM
RE: CI CSRF Protection bypass - by Chroma - 11-14-2014, 09:29 AM
RE: CI CSRF Protection bypass - by nopsled - 11-14-2014, 12:00 PM
RE: CI CSRF Protection bypass - by Chroma - 11-14-2014, 12:00 PM
RE: CI CSRF Protection bypass - by Narf - 11-17-2014, 04:44 AM
RE: CI CSRF Protection bypass - by Rufnex - 11-17-2014, 07:14 AM


