You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the majority of today's web applications, clients are required to submit forms which can __ perform sensitive operations.
An example of such a form being used would be when an administrator wishes to create a new user for the application.
In the simplest version of the form, the administrator would fill-in: Name, Password, Role (level of access)
Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link, which if logged into the application, would automatically submit the form without any further interaction.
Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack.
There are 3 things that are required for a CSRF attack to occur:
The form must perform some sort of sensitive action.
The victim (the administrator the example above) must have an active session.
Most importantly, all parameter values must be known or guessable.
The tool discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF.
Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.
Guidance:
Based on the risk (determined by manual verification) of whether the form submission performs a sensitive action, the addition of anti-CSRF tokens may be required.
These tokens can be configured in such a way that each session generates a new anti-CSRF token or such that each individual request requires a new token.
It is important that the server track and maintain the status of each token (in order to reject requests accompanied by invalid ones) and therefore prevent cyber-criminals from knowing, guessing or reusing them. For examples of framework specific remediation options, please refer to the references.
🐛 Summary
Cross-Site Request Forgery (Medium severity) CWE-352: Cross-Site Request Forgery (CSRF)
In the majority of today's web applications, clients are required to submit forms which can __ perform sensitive operations.
An example of such a form being used would be when an administrator wishes to create a new user for the application.
In the simplest version of the form, the administrator would fill-in: Name, Password, Role (level of access)
Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link, which if logged into the application, would automatically submit the form without any further interaction.
Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack.
There are 3 things that are required for a CSRF attack to occur:
The tool discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF.
Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.
Guidance:
Based on the risk (determined by manual verification) of whether the form submission performs a sensitive action, the addition of anti-CSRF tokens may be required.
These tokens can be configured in such a way that each session generates a new anti-CSRF token or such that each individual request requires a new token.
It is important that the server track and maintain the status of each token (in order to reject requests accompanied by invalid ones) and therefore prevent cyber-criminals from knowing, guessing or reusing them. For examples of framework specific remediation options, please refer to the references.
References:
Acceptance Criteria:
Resolve Checkmarx findings for the category Resolve Cross-Site Request Forgery that are in the frontend.
Any helpful log output or screenshots
Paste the results here:
Add any screenshots of the problem here.
The text was updated successfully, but these errors were encountered: