Anti-CSRF Token setting should be enabled

Impact area

Security

Severity

High

Affected element

System property

Rule ID

SN-0198

Impact

Cross-Site Request Forgery (CSRF) is a significant security risk that violates the integrity of instance data. An attacker can launch a CSRF attack against any instance user by abusing the application's trust in that user's authenticated session. With the help of social engineering, the user is induced to submit a forged request to the instance on the attacker's behalf.

Remediation

Set the system property "glide.security.use_csrf_token" to true to enable an extra validation step before the instance user submits a write request to the instance.

Time to fix

15 min

References

This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.

Last modified on Oct 13, 2020