CSRF Token Placement Vulnerability in Roland Gruber Softwareentwicklung LDAP Account Manager

CSRF Token Placement Vulnerability in Roland Gruber Softwareentwicklung LDAP Account Manager

CVE-2018-8764 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.

Learn more about our Web Application Penetration Testing UK.