966183 - [Bug Bounty] [Vulnerability Report] Login CSRF On Bugzilla.Mozilla.org

Status: RESOLVED DUPLICATE of bug 713926

(bugzilla.mozilla.org :: API, defect)

Description

[pbssubhash]

User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.102 Safari/537.36

Steps to reproduce:

Actually When we Login into bugzilla account there should be some csrf token and also header verification , But there is absolutely no protection for the signin form against csrf attack ! 
You may think whats the issue with login csrf ! There are even some people who are hearing this kindoff csrf attack for the first time, But infact now-a-days these type of attacks are carried out ; 
For example i give the victim a html form using which my account will be logged into.
He wants to report some bug then when he goes to bugzilla.mozilla.org then he files that bug using my account ; i can get back to my account after some time and then i can publicize the bug and can cause harm to your infrastructure without giving the time for you to patch..
For eg:if it is a dos of firefox bug then i can use it to crash mozilla users and make them shift to some other browsers ! 
these can be a little bit devasting !


Please have a look into :- 
http://www.ethicalhack3r.co.uk/login-cross-site-request-forgery-csrf/


Actual results:

When i was trying to login there was no token being generated and moreover there was no X-CSRF Header Protection ! 


Expected results:

I expected that there must be a X-CSRF header and token verification that wouldn't allow this login csrf to happen !

Comment 1

[pbssubhash]

Please add sec-bounty flag ! 

Regards

Comment 2

[Frédéric Buclin]

Already reported several times.