CSRF Vulnerability in hsweb 3.0.4: Inadequate State Parameter Comparison

CVE-2018-20595 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful.