CSRF Token Reuse Vulnerability in Django Caching Framework
CVE-2014-0473 · MEDIUM Severity
AV:N/AC:L/Au:N/C:P/I:N/A:N
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
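The following is an added example, not Django's code or code from this advisory: a simplified model of a whole-page cache showing why a cached response hands every anonymous visitor the same CSRF cookie, beside a hardened cache that refuses to store a cookie-setting response to a cookie-less request (the heuristic Django's fix adopted). The names PageCache, form_view and tokens_for_two_visitors, and the /contact/ path, are hypothetical.

```python
import secrets

class PageCache:
    """Toy whole-page cache keyed by URL path (constructed model, not Django code)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.store = {}

    def handle(self, path, request_cookies, view):
        # Cache hit: the stored response, Set-Cookie included, is replayed as-is.
        if not request_cookies and path in self.store:
            return self.store[path]
        response = view(request_cookies)
        if self._cacheable(request_cookies, response):
            self.store[path] = response
        return response

    def _cacheable(self, request_cookies, response):
        if request_cookies:
            return False  # this model only caches cookie-less (anonymous) requests
        if not self.hardened:
            return True   # vulnerable: a per-visitor cookie is stored and shared
        # Hardened: a cookie-less request whose response sets a cookie and
        # varies on Cookie is user-specific, so it must not be cached.
        sets_cookie = bool(response["set_cookie"])
        varies = "Cookie" in response["vary"]
        return not (sets_cookie and varies)


def form_view(request_cookies):
    """Hypothetical view: issues a fresh CSRF token when the visitor has none."""
    token = request_cookies.get("csrftoken") or secrets.token_hex(16)
    set_cookie = {} if "csrftoken" in request_cookies else {"csrftoken": token}
    return {"body": f"<input name=csrfmiddlewaretoken value={token}>",
            "set_cookie": set_cookie, "vary": ["Cookie"]}


def tokens_for_two_visitors(hardened):
    """Return the CSRF cookies handed to two distinct anonymous visitors."""
    cache = PageCache(hardened)
    first = cache.handle("/contact/", {}, form_view)
    second = cache.handle("/contact/", {}, form_view)
    return first["set_cookie"]["csrftoken"], second["set_cookie"]["csrftoken"]


if __name__ == "__main__":
    for hardened in (False, True):
        a, b = tokens_for_two_visitors(hardened)
        print(f"hardened={hardened}: token shared = {a == b}")
```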