CSRF vulnerabilities in trac
|Reported by:||Owned by:||Jonas Borgström|
Despite , trac appears to still be vulnerable to a fairly widespread class of Cross Site Request Forgery attacks.
These attacks require minimal action by the user: All the user needs to do is:
- be logged into a targeted trac installation, and
- visit a malicious remote web site (or click a malicious remote link) with the same browser
Because these attacks make use of the browsers' cached credentials, and they are launched from the browser (not from the malicious remote site), firewalls and other perimeter restrictions are not useful against them.
I've put a demonstration of this attack up here, along with details of how trac might be modified to protect against such an attack.
Please let me know if I can be of any help fixing this.
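Because the browser attaches its cached credentials to a cross-site request automatically, the server has to demand something the remote site cannot read. The added example below (not Trac's code and not taken from the reporter's write-up) sketches a per-session form token check. The session dict, the `form_token` field name and the function names are assumptions made for illustration.

```python
import hmac
import secrets

# Methods that must never change state; everything else needs a token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
TOKEN_FIELD = "form_token"  # hypothetical hidden-field name


def issue_form_token(session):
    """Create (once per session) the random token embedded in every form."""
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_hex(32)
    return session[TOKEN_FIELD]


def is_request_allowed(method, session, form_fields):
    """Allow a state-changing request only if it echoes the session's token.

    A valid session cookie is not enough: the browser sends it with
    requests that a remote page triggers, but that page cannot read the token.
    """
    if method.upper() in SAFE_METHODS:
        return True  # only sound if safe methods really have no side effects
    expected = session.get(TOKEN_FIELD)
    supplied = form_fields.get(TOKEN_FIELD)
    if not expected or not isinstance(supplied, str):
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo():
    # Constructed sample data: the server-side session a logged-in user's cookie maps to.
    session = {"user": "alice"}
    token = issue_form_token(session)
    genuine = {"summary": "Fix typo", TOKEN_FIELD: token}  # form served by the site
    forged = {"summary": "changed by remote page"}          # cross-site form, no token
    guessed = {"summary": "changed", TOKEN_FIELD: "0" * 64}  # attacker guesses a value
    return {
        "genuine_post": is_request_allowed("POST", session, genuine),
        "forged_post": is_request_allowed("POST", session, forged),
        "guessed_post": is_request_allowed("POST", session, guessed),
        "plain_get": is_request_allowed("GET", session, {}),
    }


if __name__ == "__main__":
    print(demo())
```

The check only helps if every state-changing action is reachable solely through non-safe methods; a GET handler that modifies data bypasses it.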
Change History (33)
comment:3 Changed 11 years ago by
|Priority:||normal → high|
|Severity:||normal → critical|
|Summary:||CSRF vulnerabilities in trac → Test Ticket for CSRF on Trac|
comment:5 Changed 11 years ago by
|Summary:||Test Ticket for CSRF on Trac → CSRF vulnerabilities in trac|
comment:19 Changed 11 years ago by
|Milestone:||0.10.2 → 0.10.1|
|Status:||assigned → closed|