Observed on:
All Horizon implementations using Django versions prior to 1.7
Problem description:
The HTTP session cookie (the Horizon cookie), which contains the CSRF token, is stored on disk for a long period of time.
This makes a CSRF attack on Horizon possible if the cookie is revealed or stolen from disk.
Upstream bug report: https://bugs.launchpad.net/horizon/+bug/1369865
Solution proposal:
- patch Django shipped with MOS
- apply other CSRF preventive actions:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#CSRF_Prevention_without_a_Synchronizer_Token
https://benjaminhorn.io/code/setting-cors-cross-origin-resource-sharing-on-apache-with-correct-response-headers-allowing-everything-through/
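As an added example (not code from the bug report, Horizon or Django), here is the Origin/Referer check that the OWASP cheat sheet section "CSRF Prevention without a Synchronizer Token" describes, in framework-independent Python; the target origin and the sample headers are assumed values.

```python
from urllib.parse import urlsplit

# Methods that must not change state and therefore need no CSRF check
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})
DEFAULT_PORTS = {"http": 80, "https": 443}


def canonical_origin(url):
    """Reduce a URL to 'scheme://host[:port]' with default ports dropped; None if unusable."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises ValueError on junk
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not host:
        return None  # covers the literal 'null' origin and non-HTTP schemes
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def source_origin(headers):
    """Source origin as the cheat sheet picks it: Origin first, Referer only as a fallback."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if "origin" in hdrs:
        return canonical_origin(hdrs["origin"])  # an unusable Origin is not overridden by Referer
    if "referer" in hdrs:
        return canonical_origin(hdrs["referer"])
    return None


def request_allowed(method, headers, target_origin):
    """Allow safe methods; for state-changing ones require source origin == target origin."""
    if method.upper() in SAFE_METHODS:
        return True
    src = source_origin(headers)
    # No usable source origin: reject rather than assume the request is same-origin
    if src is None:
        return False
    return src == canonical_origin(target_origin)


if __name__ == "__main__":
    # Constructed sample: a cross-site POST against an assumed Horizon origin
    target = "https://horizon.example.com"
    print(request_allowed("POST", {"Origin": "https://attacker.example"}, target))  # False
```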