(Security Issue) CSRF hash regeneration + cookie removal
#1

[eluser]arbme666[/eluser]
Hi,

I have been using the CSRF protection in CI and noticed that the cookie hash is not regenerated after it has passed in csrf_verify() or if form validation fails. I see this as a security issue as the token will not be regenerated until it has expired.

I don't think it's been overlooked, as the function csrf_verify() tries to create a new hash and cookie after the token passes verification, but fails to do so.

The problem lies with $this->_csrf_set_hash(). The function will only create a new hash if the cookie doesn't exist, but the cookie does. So the same token can be used over and over again until the token expires, which by default in config is 2 hours.

Also when the token fails the cookie is not removed which I think it should be even if a new one will be generated on the next page request.

In the link below I have edited the CSRF functions in Security.php with the following changes.
* CSRF hash/cookie regenerated when token passes & when form verification fails.
* CSRF cookie removed when token fails.

Security.php - CSRF alterations

LINK UPDATED

Hope this helps!

Thanks
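The behaviour the post describes, modelled as an added Python example (it is not CodeIgniter's Security.php and not the poster's patch): a minimal double-submit CSRF guard whose cookie jar and form fields are plain dicts standing in for the HTTP layer. With `rotate=False` the guard reproduces the original `_csrf_set_hash()` logic, which only issues a new token when the cookie is absent or expired, so a token that has already passed verification is accepted again until the 2-hour expiry. With `rotate=True` it applies the two changes listed above: a fresh token after a successful check (and after a form-validation failure), and removal of the cookie when the check fails. The class, method and cookie/field names are assumptions chosen for the example.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 7200  # the 2-hour default expiry mentioned in the post


class CsrfGuard:
    """Minimal double-submit CSRF guard (constructed for illustration).

    cookies: name -> (value, expires_at), standing in for the response cookie jar.
    rotate=False reproduces the reported behaviour; rotate=True applies the fix.
    """

    def __init__(self, rotate=True, cookie_name="csrf_cookie",
                 field_name="csrf_token", clock=time.time):
        self.rotate = rotate
        self.cookie_name = cookie_name
        self.field_name = field_name
        self.clock = clock
        self.cookies = {}

    def _set_hash(self, force=False):
        """Issue a token. Original logic: keep the existing, unexpired cookie.
        The fix passes force=True so a new token is always generated."""
        current = self.cookies.get(self.cookie_name)
        if current is not None and not force and current[1] > self.clock():
            return current[0]  # cookie exists: original code stops here
        token = secrets.token_hex(16)
        self.cookies[self.cookie_name] = (token, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def token_for_form(self):
        """Value to embed in the hidden form field when rendering a page."""
        return self._set_hash()

    def verify(self, form):
        """Check the submitted field against the cookie; returns True on success."""
        submitted = form.get(self.field_name)
        cookie = self.cookies.get(self.cookie_name)
        ok = (
            cookie is not None
            and cookie[1] > self.clock()
            and submitted is not None
            and hmac.compare_digest(submitted.encode(), cookie[0].encode())
        )
        if not ok:
            if self.rotate:
                # Fix: drop the cookie on failure rather than leaving it in place.
                self.cookies.pop(self.cookie_name, None)
            return False
        # Success: the original calls _set_hash() here, but it returns the existing
        # cookie; forcing regeneration is what makes the token single-use.
        self._set_hash(force=self.rotate)
        return True

    def on_form_validation_failed(self):
        """Fix: rotate the token when the application's form validation fails."""
        if self.rotate:
            self._set_hash(force=True)


def replay_attempts(rotate):
    """Submit the same token twice; returns (first_result, second_result)."""
    guard = CsrfGuard(rotate=rotate)
    token = guard.token_for_form()
    first = guard.verify({"csrf_token": token})
    second = guard.verify({"csrf_token": token})  # reuse of an already-spent token
    return first, second


def cookie_survives_failure(rotate):
    """Send a bad token; returns whether the CSRF cookie is still set afterwards."""
    guard = CsrfGuard(rotate=rotate)
    guard.token_for_form()
    guard.verify({"csrf_token": "not-the-token"})
    return guard.cookie_name in guard.cookies


def token_rotates_on_validation_failure(rotate):
    """Returns True when the form token changes after a form-validation failure."""
    guard = CsrfGuard(rotate=rotate)
    before = guard.token_for_form()
    guard.on_form_validation_failed()
    return guard.token_for_form() != before


if __name__ == "__main__":
    print("original: replay ->", replay_attempts(rotate=False))   # (True, True)
    print("fixed:    replay ->", replay_attempts(rotate=True))    # (True, False)
    print("original: cookie kept after failure ->", cookie_survives_failure(False))
    print("fixed:    cookie kept after failure ->", cookie_survives_failure(True))
```

The `clock` parameter exists so the expiry path can be exercised deterministically: injecting a clock that has advanced past `TOKEN_TTL_SECONDS` makes the original logic finally mint a new token, which is the only point at which it rotates. The fixed variant never relies on expiry for single-use behaviour.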
