Coinbase: Leaking CSRF token over HTTP resulting in CSRF protection bypass

2014-06-07T04:44:03
ID H1:15412
Type hackerone
Reporter anshuman_bh
Modified 2014-10-16T01:53:12

Description

  1. Start a proxy tool like Burp.
  2. Authenticate to the Coinbase application.
  3. Navigate to the URL https://coinbase.com/docs/api/overview
  4. Under Developer Updates, enter your email address and click "Subscribe".
  5. Notice that this request is sent over HTTP with the CSRF token in the body of the POST request.

This means that an attacker positioned on the network path can perform a man-in-the-middle (MITM) attack and read this CSRF token from the cleartext request. Because the attacker now knows the token associated with this user, they can trick the authenticated Coinbase user into performing CSRF attacks. This bypasses the existing CSRF protection in the Coinbase application.
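As an added illustration (not part of the original report, and not Coinbase's own markup or code), the following Python script audits an HTML page for the pattern described above: a form whose action resolves to plain http:// while it carries a hidden anti-CSRF field. The sample page, field names and URLs are constructed assumptions used only to exercise the check.

```python
"""
Added example (not part of the original HackerOne report): audit an HTML page
for forms that submit over plain HTTP while carrying a CSRF token field.
The sample page below is constructed for illustration; the field names and
endpoints are assumptions, not Coinbase's real markup.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hidden-field names commonly used for anti-CSRF tokens
# (assumption: adjust this list to the application being audited)
TOKEN_FIELD_HINTS = ("csrf", "authenticity_token", "xsrf", "_token")


class FormCollector(HTMLParser):
    """Collect each <form>'s resolved action URL and the names of its hidden inputs."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []          # list of {"action": str, "hidden": [names]}
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            action = attrs.get("action") or ""
            # A relative action inherits the page's scheme; an absolute one may downgrade it
            self._current = {"action": urljoin(self.page_url, action), "hidden": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            input_type = (attrs.get("type") or "").lower()
            if input_type == "hidden" and attrs.get("name"):
                self._current["hidden"].append(attrs["name"])

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def looks_like_token(name):
    """Heuristic: does this hidden field name look like an anti-CSRF token?"""
    lowered = name.lower()
    return any(hint in lowered for hint in TOKEN_FIELD_HINTS)


def find_plaintext_token_forms(page_url, html):
    """Return (action URL, token field names) for forms that post a CSRF token over http://."""
    parser = FormCollector(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        scheme = urlsplit(form["action"]).scheme.lower()
        token_fields = [n for n in form["hidden"] if looks_like_token(n)]
        if scheme == "http" and token_fields:
            findings.append((form["action"], token_fields))
    return findings


# Constructed sample: an HTTPS page with one safe form and one that downgrades to HTTP
SAMPLE_PAGE_URL = "https://example.test/docs/api/overview"
SAMPLE_HTML = """
<form method="post" action="/account/settings">
  <input type="hidden" name="authenticity_token" value="EXAMPLE-TOKEN">
  <input type="submit" value="Save">
</form>
<form method="post" action="http://example.test/subscribe">
  <input type="hidden" name="authenticity_token" value="EXAMPLE-TOKEN">
  <input type="email" name="email">
  <input type="submit" value="Subscribe">
</form>
"""

if __name__ == "__main__":
    for action, fields in find_plaintext_token_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"CSRF token field(s) {fields} would be sent in cleartext to {action}")
```

Run against a fetched page, the script flags only the subscribe form, since its absolute http:// action leaves the HTTPS origin; the settings form keeps the page's scheme and is not reported. In a fix, the offending form should submit over HTTPS (and the host should serve HSTS so a downgraded request is never made), which is the condition this check verifies.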