full disclosure

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.

Detailed response to publicly posted CSRF concerns in Drupal 7.12

Posted by greggles on March 9, 2012 at 6:24pm

Several sources are publishing a supposed vulnerability in Drupal. One source is the security site Packet Storm Security and attached here. This post is a response to that issue.

Summary

The Drupal Security team has concluded that this does not constitute a valid vulnerability. The attack depends on a "Man In the Middle" attack or sniffing software, which is outside of Drupal and presents a much bigger risk.

Subscribe with RSS

New groups

INACTIVE GROUP
Western Ohio User Group
Goa Drupal Community
Drupal community in Democratic republic of Congo
Liverpool
Chandigarh Drupal Geeks (C.D.G.)
API-First Working Group
Compony opinionated developers
Drupal Kashmir
4SPOTS

Sites using Thunder

7 years 10 weeks ago
Drupal Libraries

15 years 39 weeks ago
Media sites using Drupal

16 years 41 weeks ago
Current advice for developing a newspaper or magazine site with Drupal

6 years 11 weeks ago

full disclosure

Detailed response to publicly posted CSRF concerns in Drupal 7.12

Summary

New groups

Hot content this week