SSL Visibility appliance sees CSRF Token Mismatch
Article ID: 168672
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
This will sometimes be seen after a browser session has timed out to the appliance. You will see the following pop-up:
Cause
The WebUI is vulnerable to cross site request forgery (CSRF). A remote attacker can gain access to the WebUI by persuading an administrator to visit a malicious website using spear phishing emails or other social engineering techniques. If the administrator is already authenticated to the SSL Visibility appliance, the remote attacker can use the existing session to perform actions as the administrator without the administrator’s knowledge. More details are available via Security Advisories ID: SA96.
Resolution
Workaround
As a workaround, the user is required to close the browser and start a fresh browser session.Attachments
Feedback
Powered by
