Closed Bug 767703 Opened 13 years ago Closed 13 years ago

Csrf - Logout user

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: laurens.bal, Unassigned)

References

Details

(Keywords: sec-low, wsec-csrf)

Keywords:

sec-low, wsec-csrf

Votes:

Attachments

(1 file)

Poc 13 years ago laurens.bal 92 bytes, text/plain		Details

laurens.bal

Reporter

Description

•

13 years ago

I was able to perform a csrf vulnerability to log out a user. The logout proces should have a token to prevent this. Laurens,

laurens.bal

Reporter

Comment 1

•

13 years ago

Attached file Poc — Details

Reed Loden [:reed]

Updated

•

13 years ago

Assignee: nobody → user-accounts

Component: General → User Accounts

OS: Windows 7 → All

Product: bugzilla.mozilla.org → Bugzilla

QA Contact: general → default-qa

Hardware: x86_64 → All

Version: Production → 4.2.1

Frédéric Buclin

Comment 2

•

13 years ago

I really don't want a token to log out a user. This process must remain simple. You cannot do any harm anyway. This may be annoying if someone abuses this, but harmless.

Status: UNCONFIRMED → RESOLVED

Closed: 13 years ago

Resolution: --- → WONTFIX

Daniel Veditz [:dveditz]

Updated

•

11 years ago

Keywords: sec-low, wsec-csrf

Frédéric Buclin

Updated

•

3 years ago

Duplicate of this bug: 1804385

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Csrf - Logout user

Categories

(Bugzilla :: User Accounts, defect)

Tracking

()

People

(Reporter: laurens.bal, Unassigned)

References

Details

(Keywords: sec-low, wsec-csrf)

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Updated

Updated

Attachment

General

Description

File Name

Content Type