[Commotion-admin] [commotion-openwrt] CSRF in pre-authentication forms (High) (#19)
areynold
notifications at github.com
Mon Sep 9 15:22:45 UTC 2013
The web interface of the Commotion node has no protection against Cross Site Request Forgery attacks, as no unique tokens are needed to process requests. When users of a Commotion node visit attacker-controlled websites, this can be abused to form an attack.
Originally reported as WRT-01-003
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-openwrt/issues/19
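The report says no unique tokens are needed to process requests. The sketch below is an added example of one mitigation for forms served before login. It is not code from the report or from the Commotion project. It assumes a random pre-session cookie set on the first GET and an HMAC-signed token in a hidden form field; all names, the key handling and the 15-minute lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-device secret created at first boot and never sent to clients.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 900  # seconds a rendered pre-auth form stays valid (assumed value)


def new_presession_id():
    """Random id set as a cookie on the first GET, before any login exists."""
    return secrets.token_urlsafe(16)


def _mac(presession_id, form, ts):
    # Bind the token to the cookie value, the form name and the issue time.
    msg = f"{presession_id}|{form}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(presession_id, form, now=None):
    """Value for the hidden form field, shaped '<unix time>.<hex mac>'."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(presession_id, form, ts)}"


def verify_token(presession_id, form, token, now=None):
    """True only for a fresh token issued to this cookie for this form."""
    if not presession_id or not token or token.count(".") != 1:
        return False
    ts, mac = token.split(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    current = time.time() if now is None else now
    if not 0 <= current - int(ts) <= TOKEN_TTL:
        return False  # stale, or timestamped in the future
    expected = _mac(presession_id, form, ts)
    # Constant-time comparison on bytes; tolerates non-ASCII input.
    return hmac.compare_digest(expected.encode(), mac.encode())


if __name__ == "__main__":
    sid = new_presession_id()                    # constructed sample cookie
    tok = issue_token(sid, "setup")              # rendered into the form
    print(verify_token(sid, "setup", tok))       # same-origin submit
    print(verify_token(sid, "setup", None))      # cross-site POST, no token
```

A page on another origin can trigger the POST and the browser may attach the cookie, but that page cannot read the token from the form, so the request fails verification.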