CSRF Token Reuse Vulnerability in Django Caching Framework

CVE-2014-0473 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
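The token reuse described above can be reproduced in a toy model. The following Python sketch is an added example, not Django's code: `render_view`, `PageCache` and `tokens_issued` are hypothetical names, the `/signup/` URL is constructed, and the hardened mode's skip rule is this example's assumption about a suitable mitigation.

```python
import secrets

def render_view(request_cookies):
    """Constructed view: reuse the visitor's CSRF cookie or mint a new one."""
    token = request_cookies.get("csrftoken")
    set_cookies = {}
    if token is None:
        token = secrets.token_hex(16)
        set_cookies["csrftoken"] = token
    return {"body": f"<input name='csrfmiddlewaretoken' value='{token}'>",
            "set_cookies": set_cookies, "vary": ["Cookie"]}

class PageCache:
    """Toy page cache; the key honours Vary: Cookie, as a real cache would."""
    def __init__(self, skip_cookie_setting_responses):
        self.skip = skip_cookie_setting_responses
        self.store = {}

    def fetch(self, url, request_cookies):
        # Every cookie-less (anonymous, first-visit) request maps to one key.
        key = (url, tuple(sorted(request_cookies.items())))
        if key in self.store:
            return self.store[key]
        response = render_view(request_cookies)
        # Assumed hardening rule: a cookie-less request whose response sets a
        # cookie and varies on Cookie is per-visitor state, so never store it.
        per_visitor = (not request_cookies and response["set_cookies"]
                       and "Cookie" in response["vary"])
        if not (self.skip and per_visitor):
            self.store[key] = response
        return response

def tokens_issued(cache, visitors):
    """CSRF cookie value handed to each of N first-time anonymous visitors."""
    return [cache.fetch("/signup/", {})["set_cookies"]["csrftoken"]
            for _ in range(visitors)]

if __name__ == "__main__":
    # Distinct tokens across 5 anonymous visitors.
    print(len(set(tokens_issued(PageCache(False), 5))))  # → 1 (shared token)
    print(len(set(tokens_issued(PageCache(True), 5))))   # → 5 (one each)
```

A practical check on a deployed site follows the same logic: two cookie-less requests to a cached page should never return the same `csrftoken` value in `Set-Cookie`.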
