mozilla / django-browserid

Django application for adding BrowserID support.
Mozilla Public License 2.0

[research] CSRF vulnerability in Drupal Browser ID module #179

Closed andresriancho closed 11 years ago

andresriancho commented 11 years ago

There is a CSRF vulnerability in the Drupal Browser ID module [0]; it might be a good idea to review it in detail and understand if the Django module is vulnerable too.

[0] https://drupal.org/node/2059599

Osmose commented 11 years ago

Thanks for the heads up! :D

We rely on the Django-provided CSRF mechanisms, so this shouldn't apply to us, and any vulnerabilities would be fixed by the Django team, not us. Closing this out, thanks again!