I don't have time to process this now, but in a quick look the report looks quite useless. It describes some general rules mostly about session security and tokens, but does not describe real issues.
@glraj70 publishing vulnerability reports in a public forum without first giving devs an opportunity to address those vulnerabilities is not very friendly; you risk handing information to bad actors, putting your own installation and others at greater risk. Also, as a general rule it's best to limit tickets to single issues; this makes for easier tracking and management.
In this case the report does not contain much in the way of any actual problems though. It lists 3 potential issues:
Session token in URL - this is part of the CSRF and only used in situations where POST is not practical. IMO this is low risk, but mitigations also already exist for this; look at the use_secure_urls config option.
Parameter Tampering - I do not understand what issue is being described here
Hi Johndoh,
Thanks for the reply.
Apologies for posting in a public forum. In future I will post as single issues.
I will close this case.
Kindly delete the post from the forum.
Hello,
I will repost as single issues
Regards,
Rajesh G L