...

  1. Track a victim's activity, because it is happening in the attacker's own session.
  2. Trick the victim into entering sensitive information, e.g. bank account details, into an attacker's session/account.


Appendix A describes an example Login CSRF attack on the IdP.

Option 1 - ViewScoped CSRF Token

...