A CSRF vulnerability against the ███████ allows attackers to delete user accounts.
Users who visit a malicious website could find their ████████ account deleted.
Step-by-step Reproduction Instructions
- Create and log in to a new account on the ██████
- Open the provided HTML file and press the "POC" button. Note that the POC button is used only to make testing easier, and is not necessary in an actual attack scenario.
- Refresh the page on the ███ website. You should find that you have been logged out, and are unable to sign back into your account.
Product, Version, and Configuration (If applicable)
Suggested Mitigation/Remediation Actions
Enforce proper CSRF control on the ██████, for example with the Google captcha that is already implemented across much of the site.
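As an added example, not code from the report or the affected site, this is the server-side CSRF control a defender would put on the account-deletion endpoint, shown as an Origin/Referer check plus a session-bound synchronizer token rather than a captcha. SITE_ORIGIN, SERVER_SECRET, the session id and both request dicts are constructed placeholders; the cross-site request models the PoC page, which the browser sends with the victim's session cookie attached.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed demo values: the real site and its secret are not on the page.
SITE_ORIGIN = "https://app.example"
SERVER_SECRET = b"constructed-demo-secret-change-me"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def csrf_token_for(session_id: str) -> str:
    """Token bound to the session with an HMAC and embedded in the site's own forms.
    A page on another origin cannot read it, so it cannot forge a matching request."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_site_origin(value: str) -> bool:
    """Compare scheme and host of an Origin or Referer header with the site's origin."""
    want, got = urlparse(SITE_ORIGIN), urlparse(value)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def csrf_check(request: dict) -> tuple:
    """Return (allowed, reason) for the account-deletion request.
    `request` is a constructed dict with 'method', 'headers', 'cookies' and 'form'."""
    if request["method"].upper() in SAFE_METHODS:
        return False, "deletion must not be reachable via a safe method"
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    # Layer 1: the browser sets Origin (or Referer); page script cannot spoof it.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source or not same_site_origin(source):
        return False, "request did not originate from this site"
    # Layer 2: synchronizer token, compared in constant time.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed requests; the session cookie rides along on both, which is why the
# cookie alone cannot prove the user intended to delete the account.
LEGIT_DELETE = {
    "method": "POST", "cookies": {"session": "sess-123"},
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"action": "delete_account", "csrf_token": csrf_token_for("sess-123")},
}
CROSS_SITE_DELETE = {
    "method": "POST", "cookies": {"session": "sess-123"},
    "headers": {"Origin": "https://attacker.example"},
    "form": {"action": "delete_account"},  # attacker cannot read the token
}
```

Run `csrf_check(LEGIT_DELETE)` and `csrf_check(CROSS_SITE_DELETE)` to see the legitimate deletion accepted and the cross-site one refused with a reason.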