
Cross-Site Request Forgery (CSRF) Attack on User Management Role Handling

This document describes a Cross-Site Request Forgery (CSRF) attack. Attackers were able to add a role and change role privileges for users from browsers where an authenticated Endpoint Central user had logged on.

Update Released Build : 91034
Update Release Date : Jun 3rd 2015

What was the Problem?

If attackers gained access to a web browser where an authenticated Endpoint Central user had previously logged on, they were able to perform a Cross-Site Request Forgery attack by adding and changing role privileges for Endpoint Central user accounts.

How do I fix it?

This issue has been identified and fixed in Endpoint Central build #91034. Upgrade to the latest build to get the fix.

Keywords: Security Updates, Vulnerabilities and Fixes, Adding and changing role privileges, CSRF
