42 matches found
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF given a global CSRF token such as the one present in the authenticitytoken meta tag. Remediation Upgrade actionpack to version 5.2.4.3, 6.0.3.1 or higher. References - GitHub Commit - Google Group Forum -...
rack-protection: Timing attack in authenticity_token.rb
Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to hav...
OmniAuth Information Disclosure Vulnerability
OmniAuth is a set of authentication system using Rack middleware implementation . An information disclosure vulnerability exists in the strategy.rb file in versions of OmniAuth prior to 1.3.2, which stems from the program failing to properly protect the authenticitytoken value. An attacker could...
DEBIAN-CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
GSA Bounty: 2FA bypass - confirmation tokens don't expire
Hi there, Because of the limitation of the site, accounts may be locked down for 10 minutes. I found 2 ways to bypass this lock period. First one with the confirmation mail that we get when we sign on. If we get the token this way below, we can change account password and bypass the lock period a...
New Relic: CSRF For Adding Users
Issue The API affected is https://rpm.newrelic.com/accounts/accountid/accountviews. Only admin users are allowed to add other new users, but a normal user with knowledge of the accountid can craft a webpage which does a CSRF when an admin user visits it. There are 2 problems with it that can resu...
Files.com: CSRF @ configuration
Enter the support PIN from your test site if applicable: Enter the name of your test site if applicable: gaming2 Enter the subdomain from your test site if applicable: gaming2 Fill in the rest of your report below: ---- Greeting guys , i found a CSRF Bug at the configuration - General form in all...
Cross-Site Request Forgery (CSRF) Via Leakage Of Authenticity Token
omniauth is susceptible to cross-site request forgery attacks. The attacks are possible because it stores POST parameters in addition to GET parameters in callback phase, thereby exposing authenticitytokens from the POST parameters and leading to bypass of cross-site request forgery protection...
omniauth leaks authenticity token in callback params
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
GitLab - impersonate Feature Privilege Escalation
GitLab - impersonate Feature Privilege Escalation Exploit Title: GitLab privilege escalation via "impersonate" feature Date: 02-05-2016 Software Link: https://about.gitlab.com/ Version: 8.2.0 - 8.2.4, 8.3.0 - 8.3.8, 8.4.0 - 8.4.9, 8.5.0 - 8.5.11, 8.6.0 - 8.6.7, 8.7.0 Exploit Author: Kaimi Website...
HackerOne: Possible CSRF during joining report as participant
Hi, I think i found a possible csrf issue with joining report as participant endpoint, Actually one of the bug got duplicated and the company added me into the original bug as a participant. then, I got invitation from hackerone to joing the report. After opening the invitation link, there was tw...
FreeBSD : redmine -- information leak vulnerability (49def4b7-9ed6-11e5-8f5c-002590263bf5)
Redmine reports : Potential data leak project names in the invalid form authenticity token error screen. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine...
Airbnb: authenticity_token is not random across page loads
In order to protect against the Breach attack, the authenticity token needs to be unique on every page load. A simple fix is to mask the token with some random bytes, which is what ruby on rails did in version 4.2.0 the exact patch is here: https://github.com/rails/rails/pull/16570/files...
X (Formerly Twitter): open redirect sends authenticity_token to any website or (ip address)
Hi, URL: https://mobile.twitter.com//example/messages there is double slash before "example" word when you click "send" after writing a message the authenticitytoken will send to https://example this URL doesn't allow any dots in it, so i can not write //example.com but when i write a number it...
X (Formerly Twitter): Open Redirect leak of authenticity_token lead to full account take over.
Hey guys URL: https://mobile.twitter.com/messages/follow?recipient=/example.com when I click 'Follow' I will send my POST request to https://example.com witch contains my authenticitytoken that can be used for anything like tweeting, following, sending messages, changing username.,.,.etc it can b...
CVE-2015-1585
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...
Cross site request forgery (csrf)
Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery CSRF attacks via a request without the authenticitytoken, as demonstrated by a crafted HTML page that creates a new administrator account...
HackerOne: CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
Background - There has been at least one case where an attacker was able to insert arbitrary HTML into a submitted report - HackerOne uses a very strict Content Security Policy that prevents inline script and script from other origins - HackerOne uses an authenticitytoken in its POSTs to guard...
Enter: CSRF token leakage
Hi, I have noticed that when the account verification fails here : https://wallet.robocoin.com/verify/ due to an error, the CSRF token is being leaked via GET method like : https://wallet.robocoin.com/verify/id?csrf=b8ede20d-0c0b-4e16-9d05-6ad2ed8b72c4 So the authenticity token is being stored in...