View Issue Details

ID: 0001535
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2021-11-28 22:10
Reporter: L10N
Assigned To: (none)
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform: Main CAcert Website
OS: N/A
OS Version: stable
Summary: 0001535: CSRF Token not being validated
Description: I'm Monsef djouadi, a security researcher from Algeria. I created an account in your website and I've been
And suddenly I found a security vulnerability, which is CSRF Token not being validated in the request for editing an account, which leads to account takeover.
I hope you fix that vulnerability to make the web a safe place.
Additional Information: Transmission of bug submitted by Facebook.
Tags: No tags attached.
Reviewed by: (none)
Test Instructions: (none)

Activities

L10N

2021-11-28 22:09

reporter   ~0006085

Contribution by Ted on the mailing list:

Probably it would make sense to ask for a detailed step-by-step procedure on how to reproduce this problem. The current description is quite vague, so it's hard to find the place to look at in detail (or does anyone already know?).

I strongly assume that CSRF refers to Cross-Site-Request-Forgery, so probably a specifically prepared web page is needed to exploit this vulnerability. If such a web page could be provided it would greatly help in analysis.
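The report describes the class of problem Ted names above: a state-changing request (editing the account) that the server accepts on the strength of the session cookie alone, with no check that the submitted form actually came from a page the site itself rendered. The following is an added illustration, written for this note and not CAcert's own code, of why a missing CSRF-token check matters and what the fix looks like: a per-session random token is embedded in the legitimate form and compared with a constant-time comparison on submission. Account data, the session structure, and the two handler functions are all constructed for the example.

```python
"""Model of an account-edit handler without and with CSRF-token validation.

Added example (not CAcert's code). All names, data and handlers are
constructed for illustration.
"""
import hmac
import secrets


def new_session(user):
    """Constructed server-side session: a random, unguessable CSRF token per session."""
    return {"user": user, "csrf_token": secrets.token_hex(32)}


def render_edit_form(session):
    """The hidden fields the site embeds in its own account-edit form."""
    return {"csrf_token": session["csrf_token"]}


def edit_account_vulnerable(accounts, session, form):
    """Accepts any POST that arrives with a valid session cookie.

    Nothing ties the request to a page the site rendered, so a request
    triggered from another origin changes the account just the same.
    """
    accounts[session["user"]]["email"] = form["email"]
    return True


def edit_account_fixed(accounts, session, form):
    """Rejects the edit unless the form carries the token bound to this session."""
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # compare_digest avoids timing differences that would leak the token.
    if not hmac.compare_digest(submitted, expected):
        return False
    accounts[session["user"]]["email"] = form["email"]
    return True


def simulate(handler):
    """Run one legitimate and one cross-site submission through `handler`.

    Returns (legitimate accepted?, cross-site accepted?, final e-mail).
    """
    accounts = {"alice": {"email": "alice@example.org"}}  # constructed data
    session = new_session("alice")

    # Legitimate: the browser submits the form the site rendered, token included.
    legit = dict(render_edit_form(session), email="alice.new@example.org")
    legit_ok = handler(accounts, session, legit)

    # Cross-site: the browser still attaches alice's session cookie, but a
    # third-party page cannot read her token, so the form arrives without it.
    forged = {"email": "attacker@example.net"}
    forged_ok = handler(accounts, session, forged)

    return legit_ok, forged_ok, accounts["alice"]["email"]


if __name__ == "__main__":
    print("vulnerable:", simulate(edit_account_vulnerable))
    print("fixed:     ", simulate(edit_account_fixed))
```

In the vulnerable variant both submissions succeed and the e-mail ends up under the third party's control, which is the "account takeover" the report alludes to; in the fixed variant only the submission carrying the session's token is applied. The token must be generated with a cryptographic RNG, kept out of URLs, and checked on every state-changing request, not just on the edit form.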

L10N

2021-11-28 22:10

reporter   ~0006086

Answer on Facebook / asking for more information:

Hello Moncef, I talked with one of our engineers. He said it would make sense to send us a detailed step-by-step procedure on how to reproduce this problem. (You may write in English or French, whichever is better for you.) The current description is for him quite vague, so it's hard to find the place to look at in detail.

He strongly assumes that CSRF refers to Cross-Site-Request-Forgery - is he right? So probably a specifically prepared web page is needed to exploit this vulnerability. If such a web page could be provided, it would greatly help in analysis.

Thank you for telling us about this issue and being part of the community.

Thank you and best regards,

Issue History

Date Modified Username Field Change
2021-11-11 20:49 L10N New Issue
2021-11-28 22:09 L10N Note Added: 0006085
2021-11-28 22:10 L10N Note Added: 0006086