Lack of Anti-CSRF Protection on Business Central

Solution In Progress - Updated -

Issue

There is no anti-CSRF token used by Business Central. This could allow attackers to capture a user’s session token and then replay it for attacks.

Environment

Red Hat JBoss BPM Suite 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.