The point about CSRF that many people do not understand is that you can fall victim
- without knowing it has happened
- without clicking a malicious link
- without JavaScript enabled in your browser
- with your company having an iron-clad perimeter firewall
Wednesday, February 4, 2009
CSRF in Novell GroupWise WebAccess
Adrian Pastor found some nasty CSRF issues in Novell GroupWise WebAccess. The one that is truly evil genius is being able to use CSRF to create a forwarding rule in the victim's email settings, allowing an attacker to get a copy of every email the victim receives. Imagine if an executive in a company fell victim. Talk about information leakage!
The point about CSRF that many people do not understand is that you can fall victim
The point about CSRF that many people do not understand is that you can fall victim
