CVE-2022-24895: [Security/Http] Remove CSRF tokens from storage on successful login · symfony/security-bundle@076fd20

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, it might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation. This issue has been fixed in the 4.4 branch.
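The mechanism described above, as an added example written for this page rather than code taken from Symfony: a small in-memory session and a session-backed CSRF token store, with a "vulnerable" login that only regenerates the session ID and a "fixed" login that also clears the token namespace. The class names, the `_csrf` attribute key and the `migrate()` helper are assumptions made for the illustration; only the `setToken`/`hasToken` method names mirror the calls seen in the test diff.

```php
<?php
// Added example (not Symfony's code): why regenerating the session ID on
// login is not enough, and what the fix (clearing CSRF tokens) changes.
declare(strict_types=1);

final class Session
{
    private string $id;
    /** @var array<string, mixed> */
    private array $attributes = [];

    public function __construct()
    {
        $this->id = bin2hex(random_bytes(16));
    }

    public function getId(): string { return $this->id; }

    public function get(string $key, mixed $default = null): mixed
    {
        return $this->attributes[$key] ?? $default;
    }

    public function set(string $key, mixed $value): void
    {
        $this->attributes[$key] = $value;
    }

    public function remove(string $key): void
    {
        unset($this->attributes[$key]);
    }

    /** Like session_regenerate_id(): a new ID, but the same attributes. */
    public function migrate(): void
    {
        $this->id = bin2hex(random_bytes(16));
    }
}

final class SessionCsrfTokenStorage
{
    public const NAMESPACE = '_csrf'; // assumed key for this example

    public function __construct(private Session $session) {}

    public function setToken(string $tokenId, string $token): void
    {
        $tokens = $this->session->get(self::NAMESPACE, []);
        $tokens[$tokenId] = $token;
        $this->session->set(self::NAMESPACE, $tokens);
    }

    public function hasToken(string $tokenId): bool
    {
        return isset($this->session->get(self::NAMESPACE, [])[$tokenId]);
    }

    /** The fix: drop every token held in the session. */
    public function clear(): void
    {
        $this->session->remove(self::NAMESPACE);
    }
}

// Vulnerable variant: only the ID changes; the token namespace survives login.
function loginVulnerable(Session $session): void
{
    $session->migrate();
    $session->set('user', 'johannes');
}

// Fixed variant: regenerate the ID and wipe all CSRF tokens on successful login.
function loginFixed(Session $session, SessionCsrfTokenStorage $storage): void
{
    $session->migrate();
    $storage->clear();
    $session->set('user', 'johannes');
}

// Constructed scenario: a token 'foo' already sits in the pre-login session,
// exactly as the test seeds it with setToken('foo', 'bar').
foreach (['loginVulnerable', 'loginFixed'] as $handler) {
    $session = new Session();
    $storage = new SessionCsrfTokenStorage($session);
    $storage->setToken('foo', 'bar');
    $idBefore = $session->getId();

    if ($handler === 'loginFixed') {
        loginFixed($session, $storage);
    } else {
        loginVulnerable($session);
    }

    printf("%-16s id changed: %s, token 'foo' still present: %s\n",
        $handler,
        $idBefore !== $session->getId() ? 'yes' : 'no',
        $storage->hasToken('foo') ? 'yes' : 'no');
}
```

Run with `php example.php` (PHP 8.0 or later). The session ID changes in both variants; the difference is that the token seeded before login is still valid after `loginVulnerable`, which is exactly what the patched test asserts must no longer happen.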

CVE
#csrf #web #php #auth

@@ -19,12 +19,15 @@ class CsrfFormLoginTest extends AbstractWebTestCase

public function testFormLoginAndLogoutWithCsrfTokens($config)

{

$client = $this->createClient([‘test_case’ => 'CsrfFormLogin’, ‘root_config’ => $config]);

static::$container->get(‘security.csrf.token_storage’)->setToken('foo’, ‘bar’);

$form = $client->request('GET’, ‘/login’)->selectButton(‘login’)->form();

$form['user_login[username]'] = 'johannes’;

$form['user_login[password]'] = 'test’;

$client->submit($form);

$this->assertFalse(static::$container->get(‘security.csrf.token_storage’)->hasToken(‘foo’));

$this->assertRedirect($client->getResponse(), ‘/profile’);

$crawler = $client->followRedirect();
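Review bot: the test seeds a token with `setToken('foo', 'bar')` but never asserts it is present before the form is submitted, so the `assertFalse(...->hasToken('foo'))` after submission would also pass if the seed had silently gone nowhere (for example if the storage and the client's session were not the same one). Add `$this->assertTrue(static::$container->get('security.csrf.token_storage')->hasToken('foo'));` right after the `setToken` call so the test proves removal on login rather than mere absence. Consider also moving the `hasToken` assertion below `assertRedirect($client->getResponse(), '/profile')`, so a login that fails for an unrelated reason is reported as a login failure instead of a CSRF storage failure.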

@@ -48,11 +51,14 @@ public function testFormLoginAndLogoutWithCsrfTokens($config)

public function testFormLoginWithInvalidCsrfToken($config)

{

$client = $this->createClient([‘test_case’ => 'CsrfFormLogin’, ‘root_config’ => $config]);

static::$container->get(‘security.csrf.token_storage’)->setToken('foo’, ‘bar’);

$form = $client->request('GET’, ‘/login’)->selectButton(‘login’)->form();

$form['user_login[_token]'] = '’;

$client->submit($form);

$this->assertTrue(static::$container->get(‘security.csrf.token_storage’)->hasToken(‘foo’));

$this->assertRedirect($client->getResponse(), ‘/login’);

$text = $client->followRedirect()->text(null, true);
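Review bot: the `assertTrue(...->hasToken('foo'))` after the failed submission pins the requirement that only a successful login clears the session's tokens, but nothing in the hunk says why; a one-line comment (a user's other open forms must not be invalidated by a failed attempt) would keep a later contributor from "simplifying" the fix into clearing on every login attempt. The invalid token used here is the empty string (`$form['user_login[_token]'] = '';`); a non-empty wrong value would additionally exercise the token comparison path rather than only the missing-token path.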

Related news

GHSA-3gv2-29qc-v67m: Symfony vulnerable to Session Fixation of CSRF tokens

Description
-----------

When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, it might enable [same-site attackers](https://canitakeyoursubdomain.name/) to bypass the CSRF protection mechanism by performing an attack similar to session fixation.

Resolution
----------

Symfony removes all CSRF tokens from the session on successful login. The patch for this issue is available [here](https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4) for branch 4.4.

Credits
-------

We would like to thank Marco Squarcina for reporting the issue and Nicolas Grekas for fixing it.
