CVE-2018-11406: CSRF Token Fixation
https://updatesinfosec.blogspot.com/2018/05/cve-2018-11406-csrf-token-fixation.html
In Summary:

By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout, which allowed for CSRF token fixation. [...]

Kindly refer to the following link as a follow-up:
http://symfony.com/blog/cve-2018-11406-csrf-token-fixation
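To make the failure mode concrete, the following is an added, constructed model of a session-backed CSRF token store (it is not Symfony's code and the class and option names, Session, CsrfTokenManager, invalidate_session, erase_csrf_tokens, are assumptions chosen for illustration). It shows why a token issued before logout is still accepted afterwards when the session is kept alive and the tokens are not erased, and that clearing the token storage on logout closes the gap even when session invalidation is disabled.

```python
"""Model of the CSRF token fixation condition described in the advisory.

Constructed illustration, not Symfony's implementation.  A minimal
server-side session holds CSRF tokens under a key prefix; logout either
invalidates the whole session (the default), keeps the session and its
tokens (the vulnerable combination), or keeps the session but erases
the tokens (the mitigation).
"""
import hmac
import secrets

# Prefix under which tokens are stored in the session (assumed name).
CSRF_PREFIX = "_csrf/"


class Session:
    """Minimal server-side session: an id plus a dict of attributes."""

    def __init__(self) -> None:
        self.id = secrets.token_hex(16)
        self.attrs: dict = {}

    def invalidate(self) -> None:
        """Rotate the id and drop every attribute (default logout behaviour)."""
        self.id = secrets.token_hex(16)
        self.attrs.clear()


class CsrfTokenManager:
    """Issues and checks one random token per form intention, kept in the session."""

    def __init__(self, session: Session) -> None:
        self.session = session

    def get_token(self, intention: str) -> str:
        key = CSRF_PREFIX + intention
        if key not in self.session.attrs:
            self.session.attrs[key] = secrets.token_urlsafe(32)
        return self.session.attrs[key]

    def is_valid(self, intention: str, token: str) -> bool:
        stored = self.session.attrs.get(CSRF_PREFIX + intention)
        # Constant-time comparison so validation does not leak the token.
        return stored is not None and hmac.compare_digest(stored, token)

    def clear(self) -> None:
        """Erase every CSRF token held in the session."""
        for key in [k for k in self.session.attrs if k.startswith(CSRF_PREFIX)]:
            del self.session.attrs[key]


def logout(session: Session, invalidate_session: bool, erase_csrf_tokens: bool) -> None:
    """Log the current user out.

    invalidate_session=False models the option named in the advisory: the
    session and its id survive logout.  erase_csrf_tokens decides whether the
    CSRF tokens are removed regardless; leaving them in place while the session
    survives is the condition the advisory describes.
    """
    session.attrs.pop("user", None)
    if invalidate_session:
        session.invalidate()
    elif erase_csrf_tokens:
        CsrfTokenManager(session).clear()


def token_survives_logout(invalidate_session: bool, erase_csrf_tokens: bool) -> bool:
    """True if a token issued before logout is still accepted after another
    user authenticates on the same browser session."""
    session = Session()
    session.attrs["user"] = "alice"
    mgr = CsrfTokenManager(session)
    pre_logout_token = mgr.get_token("change_email")

    logout(session, invalidate_session, erase_csrf_tokens)

    # A different user logs in; when the session was not invalidated the
    # browser still presents the same session cookie.
    session.attrs["user"] = "bob"
    return mgr.is_valid("change_email", pre_logout_token)


if __name__ == "__main__":
    print("default (invalidate):      ", token_survives_logout(True, False))
    print("keep session, keep tokens: ", token_survives_logout(False, False))
    print("keep session, erase tokens:", token_survives_logout(False, True))
```

The default path rotates the session and rejects the old token; disabling invalidation without erasing tokens lets a token obtained before logout remain valid for whoever logs in next; erasing the token namespace on logout restores the expected behaviour while still honouring the option to keep the session.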
