Geekzone: technology news, blogs, forums


gunnerjnz

4 posts

Wannabe Geek


#290187 26-Oct-2021 12:46

The covid certificate site puts its CSRF tokens, nonces etc. in its URLs. Isn't this inherently insecure?





OWASP says any change-of-state transactions shouldn't have CSRF tokens in the URL.


This URL is for signing up to the certificate site. The previous screen disclosed nonces etc. in the clear.


I've sent a contact and asked them but had no response.
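The OWASP guidance the post refers to is that anti-CSRF tokens for state-changing requests belong in a request header or the POST body, not in the URL, because a URL is copied into the Referer header, browser history, and proxy and web-server access logs. The following is an added example written for this page, not code from the original post or from the certificate site, showing a server-side check that enforces exactly that: the token is bound to the session with an HMAC, accepted only from a header or form field, and a request that carries token material in its query string is rejected outright. The parameter names `csrf_token`, `nonce` and `state`, the `X-CSRF-Token` header, the example host and the log line are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Query-string parameter names that should never carry anti-CSRF material.
# These names are assumptions for the example, not the certificate site's real ones.
SENSITIVE_PARAMS = {"csrf_token", "nonce", "state"}


@dataclass
class Request:
    """Constructed stand-in for an HTTP request, just enough for the check below."""
    method: str
    url: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def issue_csrf_token(server_secret: bytes, session_id: str) -> str:
    """Derive a per-session CSRF token as an HMAC of the session id.

    Binding the token to the session means a token copied out of one session
    is useless in another, and the server does not have to store it.
    """
    return hmac.new(server_secret, session_id.encode(), hashlib.sha256).hexdigest()


def sensitive_params_in_url(url: str) -> list:
    """Return the sensitive parameter names present in the URL's query string."""
    present = parse_qs(urlsplit(url).query)
    return sorted(name for name in present if name in SENSITIVE_PARAMS)


def verify_csrf(request: Request, server_secret: bytes, session_id: str) -> tuple:
    """Validate the anti-CSRF token on a state-changing request.

    Returns (accepted, reason). The token is accepted only from a request
    header or the POST body, never from the URL, which ends up in the Referer
    header, browser history, and proxy and server access logs.
    """
    if request.method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    leaked = sensitive_params_in_url(request.url)
    if leaked:
        return False, "token material in query string: " + ",".join(leaked)
    presented = request.headers.get("X-CSRF-Token") or request.form.get("csrf_token")
    if not presented:
        return False, "no token presented"
    expected = issue_csrf_token(server_secret, session_id)
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return False, "token mismatch"
    return True, "ok"


def access_log_line(request: Request) -> str:
    """Constructed Apache-style access-log line: what a URL-borne token leaves behind."""
    parts = urlsplit(request.url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return f'203.0.113.5 - - [26/Oct/2021:12:46:00 +1300] "{request.method} {target} HTTP/1.1" 200 512'


if __name__ == "__main__":
    secret, sid = b"constructed-server-secret", "session-42"
    token = issue_csrf_token(secret, sid)
    in_body = Request("POST", "https://example.invalid/signup", form={"csrf_token": token})
    in_url = Request("POST", "https://example.invalid/signup?csrf_token=" + token)
    print("token in POST body:", verify_csrf(in_body, secret, sid))
    print("token in URL:     ", verify_csrf(in_url, secret, sid))
    print("log line for URL form:", access_log_line(in_url))
```

Running the block shows the two placements side by side: the body-carried token verifies, while the URL-carried token is refused and, as the constructed log line demonstrates, would have been written verbatim into the server's access log even if it had been accepted.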





jonherries
1433 posts

Uber Geek
+1 received by user: 316

Trusted
Subscriber

  #2802565 28-Oct-2021 10:45

Thanks, we have seen this. Please continue to use our disclosure mailbox in the first instance. Consistent with our policies we won't be discussing this here.

Jon
