lynx-dev

Re: [Lynx-dev] For your protection, access to this resource is secured a


From: David Woolley
Subject: Re: [Lynx-dev] For your protection, access to this resource is secured against CSRF.
Date: Mon, 2 Jan 2023 14:56:26 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0

On 02/01/2023 13:19, jindam.vani--- via Lynx-dev wrote:
> I receive error clicking logout on webmail.disroot.org
> error: "For your protection, access to this resource
> is secured against CSRF. If you see this, you
> probably didn't log out before leaving the web
> application."
> disroot uses roundcube for email


I assume this is a fix for CVE-2020-12626 <https://nvd.nist.gov/vuln/detail/CVE-2020-12626> or maybe a fix for the vulnerability that wasn't properly fixed before.

I haven't explored deep into the code, but my guess is that they use scripting to calculate a return value that isn't in a cookie. I'm not sure why they can't include that in the submit URL, or a hidden parameter, as I think it is only cookies that get returned with injected requests.

Do you know the version number (ideally before and after)? The CVE was "fixed" in 1.4.4.
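
Added example (not part of the original message and not Roundcube's code): a minimal sketch of the scheme the message asks about, where the anti-CSRF token travels in the logout URL rendered by the server and is checked against the session cookie, so no client-side scripting is needed. The parameter names `task` and `token`, the cookie name `sessid`, and the HMAC derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Per-deployment secret; generated here only so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id):
    """Derive the token bound to one session. It is written into links and
    hidden form fields, never into a cookie."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def logout_link(session_id):
    """Logout URL as the server would render it into the HTML page
    (hypothetical parameter names)."""
    return "/?task=logout&token=" + issue_token(session_id)


def check_request(cookies, url):
    """Accept a state-changing request only when the token carried in the URL
    matches the token derived from the session cookie."""
    params = parse_qs(urlsplit(url).query)
    supplied = params.get("token", [""])[0]
    session_id = cookies.get("sessid", "")
    if not session_id or not supplied:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(supplied.encode(), issue_token(session_id).encode())


if __name__ == "__main__":
    cookies = {"sessid": "s-1234"}  # constructed session id
    # Link followed from the application's own page: cookie and token agree.
    print(check_request(cookies, logout_link("s-1234")))
    # Request arriving with the cookie attached but no token in the URL.
    print(check_request(cookies, "/?task=logout"))
    # Token that belongs to a different session.
    print(check_request(cookies, logout_link("s-9999")))
```

A client that follows the server-rendered link unchanged passes this check whether or not it runs scripts; a request that carries only the cookie does not.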


