[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #5775 [- Select a component]: excito B3 tor webinterface is vulnerable to CSRF attacks
#5775: excito B3 tor webinterface is vulnerable to CSRF attacks
----------------------------------+-----------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: - Select a component | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
The excito B3 webinterface (v2.4.1.1) is vulnerable to CSRF attacks (HTTP
POST only).
This is likely not specific to the tor administration webinterface but
also affects tor.
An attacker could exploit this vulnerability to enable/disable/configure
tor on the B3 if the victim browses the web while being logged in on the
B3 device.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5775>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs