Cross-Site Request Forgery (CSRF) in emoncms/dashboard
Jul 22nd 2021
CSRF bug that regenerates the API key
💥 STEPS TO REPRODUCE
- First log in to your account and open the link
http://localhost/emoncms/user/newapikeywrite.json and a new API key will be generated.
Any attacker can send that link to a victim, and when the victim opens the link, the victim's API key will be changed.
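A sketch of the server-side guard that closes this class of bug, as an added example and not emoncms code: the function names, the session keys `csrf` and `apikey_write`, and the key format are all hypothetical. The handler refuses link-style GET requests and requires a session-bound token before it regenerates the key.

```php
<?php
// Added example, not emoncms code: every name here is hypothetical.

// Issue one random token per session; the logged-in page embeds it in the
// form (or request header) that triggers key regeneration.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Guarded handler for the key-regeneration action.
// Returns [HTTP status, body] so it can be exercised without a web server.
function new_apikey_write(string $method, array &$session, ?string $sentToken): array {
    if (empty($session['userid'])) {
        return [401, 'not logged in'];
    }
    // A state change must not be reachable just by following a link (GET).
    if ($method !== 'POST') {
        return [405, 'use POST'];
    }
    // Constant-time comparison against the token stored in the session.
    $expected = $session['csrf'] ?? '';
    if ($expected === '' || $sentToken === null || !hash_equals($expected, $sentToken)) {
        return [403, 'bad CSRF token'];
    }
    $session['apikey_write'] = bin2hex(random_bytes(16));
    return [200, $session['apikey_write']];
}

// Constructed session and requests, for illustration only.
$session = ['userid' => 1, 'apikey_write' => 'old-key'];
$token = csrf_token($session);

// Link-style request, as in the report above.
print_r(new_apikey_write('GET', $session, null));
// POST sent without knowledge of the session token.
print_r(new_apikey_write('POST', $session, 'guessed'));
// POST from the application's own page, carrying the token.
print_r(new_apikey_write('POST', $session, $token));
```

Only the last call changes `apikey_write`; a `SameSite` attribute on the session cookie is a useful second layer but does not replace the token check.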