06-23-2023, 02:33 AM
Hi Team,
Got the below vulnerability in this quarter's audit. In the servercontroller security option, the checkformid is already True. The version I am using is 15.2.62.
Please advise how to fix this
Thanks
Pramod
HTML Form Without Anti-CSRF Token Detected
Cross-Site Request Forgery (CSRF/XSRF) is a vulnerability where an attacker tricks the victim into making a request the victim did not intend to make. So the attacker abuses the trust a web application has in a victim's browser. Mostly the HTML forms submitted have CSRF tokens embedded in them while submitting the request. If a form is without this preventive measure enabled, then it is very much prone to CSRF attacks and other dependent attacks. We are checking for the existence of a known list of CSRF tokens; if none of the tokens are found, the target will be flagged.
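Added example, not from the original post and not the product's own code: a minimal synchronizer-token pattern in Python (issue a per-session token, embed it as a hidden field, verify it on POST with a constant-time compare), alongside a check of the kind the scanner text describes, which looks for a hidden input whose name is on a list of known token names. The `KNOWN_TOKEN_NAMES` set and the field name `csrf_token` are assumptions here, not the scanner's actual list.

```python
import hmac
import secrets
from html.parser import HTMLParser

# Assumed set of hidden-field names a scanner might recognise as CSRF tokens.
# The real list belongs to the scanner vendor and is not given in the post.
KNOWN_TOKEN_NAMES = {
    "csrf_token", "csrfmiddlewaretoken", "_token",
    "__RequestVerificationToken", "authenticity_token",
}

def issue_token(session):
    """Create (once) a per-session synchronizer token, stored server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def render_form(session, action="/profile"):
    """Render a form that carries the session's token as a hidden field."""
    token = issue_token(session)  # URL-safe base64, so safe inside the attribute
    return (f'<form method="POST" action="{action}">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input type="text" name="email"><button>Save</button></form>')

def validate_submission(session, form_fields):
    """Accept the POST only if the submitted token matches the session's."""
    expected = session.get("csrf_token")
    supplied = form_fields.get("csrf_token", "")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)  # constant-time compare

class _HiddenInputs(HTMLParser):
    """Collect the names of hidden <input> elements in a page."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            if (a.get("type") or "").lower() == "hidden" and a.get("name"):
                self.names.append(a["name"])

def form_has_csrf_token(html):
    """The scanner-style check: flag a form that has no known token field."""
    parser = _HiddenInputs()
    parser.feed(html)
    return any(name in KNOWN_TOKEN_NAMES for name in parser.names)
```

A form that passes `form_has_csrf_token` only silences the scanner; the server-side `validate_submission` step is what actually stops the forged request.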