wathne / dat250-2024-assignment

MIT License

Absence of Anti-CSRF Token #5

Closed LisaCabot closed 3 weeks ago

LisaCabot commented 1 month ago

Description: Trick the web page into thinking a user has made a request.
Potential Impact: The hacker may get access to an account and will be able to do whatever the account has privileges for, like pose as the account, change details, or, if the account is an administrator or an account with more privileges, steal or change information from the web page.
Affected part of the application: Different inputs around the page.
Type of vulnerability: Cross-Site Request Forgery (https://cwe.mitre.org/data/definitions/352.html)

LisaCabot commented 3 weeks ago

Added token in config, init, and in all the forms in the html.j2 files.
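The fix described in the comment above (a token set up in the application config and init, then emitted as a hidden field in every form) is the synchronizer token pattern. What follows is an added, framework-independent Python example of that pattern, not code from the wathne/dat250-2024-assignment repository: the in-memory dict standing in for the server-side session store, the `csrf_token` field name and the `/profile` update handler are assumptions for illustration. It shows why a token the attacker cannot read blocks a forged POST even though the victim's browser still sends the session cookie.

```python
"""Synchronizer-token CSRF protection, independent of any web framework.

A per-session secret token is stored server-side (here: a plain dict that
stands in for the session store; an assumption for this example), embedded
in every state-changing form as a hidden field, and checked on each POST
before the action is performed.
"""
import hmac
import secrets
from html import escape

SESSION_KEY = "_csrf_token"


def get_csrf_token(session: dict) -> str:
    """Return the session's CSRF token, creating one on first use.

    One unguessable token per session is enough for the synchronizer
    pattern, so it is drawn from the secrets module, never from random.
    """
    token = session.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)
        session[SESSION_KEY] = token
    return token


def render_form(session: dict, action: str) -> str:
    """Render a minimal POST form carrying the hidden CSRF field.

    This is the part that belongs in each form template: the hidden
    input named csrf_token (field name assumed for this example).
    """
    token = get_csrf_token(session)
    return (
        f'<form method="post" action="{escape(action)}">\n'
        f'  <input type="hidden" name="csrf_token" value="{escape(token)}">\n'
        f'  <input type="text" name="display_name">\n'
        f'  <button type="submit">Save</button>\n'
        f"</form>"
    )


def validate_csrf(session: dict, form: dict) -> bool:
    """Accept the POST only if the submitted token matches the session's.

    A cross-site page can make the victim's browser send the cookie, but it
    cannot read the token out of the victim's page, so on a forged request
    the field is missing or wrong. hmac.compare_digest keeps the comparison
    constant-time.
    """
    expected = session.get(SESSION_KEY)
    submitted = form.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)


def handle_profile_update(session: dict, form: dict) -> tuple[int, str]:
    """Simulated /profile handler: reject forged requests before touching state."""
    if not validate_csrf(session, form):
        return 403, "CSRF token missing or invalid"
    session["display_name"] = form.get("display_name", "")
    return 200, "profile updated"


if __name__ == "__main__":
    victim_session = {}
    print(render_form(victim_session, "/profile"))
    genuine = {"csrf_token": victim_session[SESSION_KEY], "display_name": "alice"}
    print(handle_profile_update(victim_session, genuine))
    # A cross-site form can set display_name but has no way to learn the token.
    forged = {"display_name": "attacker"}
    print(handle_profile_update(victim_session, forged))
```

The check must run on every state-changing route, not only the ones that currently have a form, since a forged request targets the handler and not the page; that is why the comment's "all the forms" matters as much as the config and init parts.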