← back
CVE-2013-7464

CVE-2013-7464

EPSS 0.8%
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://csrf.htmlpurifier.org/news/2013/0717-1.0.4-releasedhttp://repo.or.cz/csrf-magic.git/blob/HEAD:/NEWS.txthttp://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11