Kallithea is vulnerable to cross-site request forgery (CSRF) attacks. The application does not use any CSRF protections when authenticating, allowing a malicious user to create a link that can be used with social engineering to gain access to another user’s account.
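
As an added illustration of the missing control (not Kallithea's code and not taken from the project's fix), this Python WSGI middleware rejects unsafe requests, login included, unless they carry a token bound to the visitor's pre-login session. The `sid` cookie, the `csrf_token` form field, `CsrfGuard` and `simulate` are hypothetical names, and it assumes state-changing endpoints accept only non-GET methods.

```python
# Added example: generic CSRF guard, all names are assumptions.
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from io import BytesIO
from urllib.parse import parse_qs

SECRET = secrets.token_bytes(32)           # per-deployment key (assumption)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state

def issue_token(session_id: str) -> str:
    """Token bound to the (possibly anonymous, pre-login) session id."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def token_ok(session_id: str, submitted: str) -> bool:
    if not session_id or not submitted:
        return False
    # Compare as bytes, in constant time, so odd input cannot raise or leak.
    return hmac.compare_digest(issue_token(session_id).encode(), submitted.encode())

class CsrfGuard:
    """WSGI middleware: unsafe requests, login included, need a valid token."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ["REQUEST_METHOD"] not in SAFE_METHODS:
            cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
            sid = cookie["sid"].value if "sid" in cookie else ""
            length = int(environ.get("CONTENT_LENGTH") or 0)
            body = environ["wsgi.input"].read(length)
            environ["wsgi.input"] = BytesIO(body)  # let the app re-read the form
            form = parse_qs(body.decode("utf-8", "replace"))
            if not token_ok(sid, form.get("csrf_token", [""])[0]):
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"CSRF token missing or invalid"]
        return self.app(environ, start_response)

def simulate(method: str, cookie: str, body: bytes) -> str:
    """Run one constructed request through the guard; return the status line."""
    seen = []
    def app(environ, start_response):
        start_response("200 OK", [])
        return [b"ok"]
    environ = {"REQUEST_METHOD": method, "HTTP_COOKIE": cookie,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": BytesIO(body)}
    CsrfGuard(app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

A form posted from another site cannot read the victim's `sid` cookie or the token rendered into the legitimate page, so its request is answered with 403 before the login handler runs.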