Opened 10 years ago
Closed 10 years ago
#24587 closed Bug (invalid)
predictable CSRF functionality
| Reported by: | Manish Bhattacharya | Owned by: | nobody |
|---|---|---|---|
| Component: | CSRF | Version: | 1.7 |
| Severity: | Normal | Keywords: | CSRF |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Bug is reported at https://hackerone.com/reports/55032 as part of internet bug bounty. Have a look.
Thanks
Manish
Note:
See TracTickets
for help on using tickets.
As said on twitter and hackerone: Using Firebug to change your CSRF token and cookie is not a security issue.