SSL Visibility appliance sees CSRF Token Mismatch


Article ID: 168672


Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

This message is sometimes seen after a browser session to the appliance has timed out. The following pop-up appears:

[Image: CSRF mismatch pop-up]

Cause

The WebUI is vulnerable to cross-site request forgery (CSRF). A remote attacker can gain access to the WebUI by persuading an administrator to visit a malicious website using spear phishing emails or other social engineering techniques. If the administrator is already authenticated to the SSL Visibility appliance, the remote attacker can use the existing session to perform actions as the administrator without the administrator’s knowledge. More details are available in Security Advisory SA96.

Resolution



 

Workaround

As a workaround, the user is required to close the browser and start a fresh browser session.
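
The sketch below is an added example, not code from the SSL Visibility appliance. It shows one common way a CSRF token mismatch arises after a timeout: the token is bound to the session, so a page rendered under the old session fails validation against the new one until it is loaded fresh. The token scheme, function names and timeout value are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)
SESSION_TTL = 900                      # idle timeout in seconds (assumed value)
sessions = {}                          # session_id -> last-activity timestamp


def csrf_token(sid):
    # The token is derived from the session id, so it cannot outlive that session.
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def login(now):
    """Create a session; return (session_id, csrf_token) as embedded in the rendered page."""
    sid = secrets.token_hex(16)
    sessions[sid] = now
    return sid, csrf_token(sid)


def handle_post(sid, token, now):
    """Validate a state-changing request and return its outcome."""
    last = sessions.get(sid)
    if last is None or now - last > SESSION_TTL:
        sessions.pop(sid, None)
        return "session expired"
    if token is None or not hmac.compare_digest(token, csrf_token(sid)):
        return "csrf token mismatch"
    sessions[sid] = now
    return "ok"


def demo():
    t0 = 0
    old_sid, old_token = login(t0)                           # tab opened, form carries old_token
    results = [handle_post(old_sid, old_token, t0 + 60)]     # normal use
    results.append(handle_post(old_sid, None, t0 + 120))     # cookie-only request, no token: rejected
    t1 = t0 + 120 + SESSION_TTL + 1                          # session idles out
    new_sid, new_token = login(t1)                           # user signs in again
    results.append(handle_post(new_sid, old_token, t1 + 5))  # stale tab still submits old_token
    results.append(handle_post(new_sid, new_token, t1 + 10)) # fresh page load carries new_token
    return results


if __name__ == "__main__":
    print(demo())
```

In this model the third request corresponds to the pop-up described above, and the fourth corresponds to the workaround of starting a fresh browser session.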
