Tag
#csrf
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos 0.9.0 and prior.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1.
Epic web security fails and salutary lessons from another inevitably eventful year in infosec
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, making their values relatively trivial to predict and allowing an attacker to bypass CSRF protections with relatively few requests.