ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Unable to use the password reset function in Symantec Messaging Gateway after upgrading to 10.6.6.

book

Article ID: 172764

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Trying to use the password reset feature in Messaging Gateway after upgrading to 10.6.6 may result in a Cross Site Request Forgery error page that does not allow you to reset the password.

The Control Center responds with:
Possible Cross Site Request Forgery

Cross Site Request Forgery Exception

You are being directed to this page because of a possible, un-authorized, attempt to access a page using Request Forgery.


If you are a valid user, please go back and re-try the operation.


Please try to avoid using multiple browsers/browser tabs when accessing the application.
 
The Control Center log file will have similar to the following:
Oct 22 2018 12:16:47 [http-bio-41443-exec-5] [DefaultAction] ERROR - Anti-CSRF :
Invalid token for saving details. Possible Cross-Site Request Forgery request.
Skipping processing....URL :
https://smgccs.internal.test:41443/brightmail/action14.do
Oct 22 2018 12:16:47 [http-bio-41443-exec-5] [DefaultAction] ERROR - Anti-CSRF :
Method trying to be invoked : public org.apache.struts.action.ActionForward
com.symantec.smg.controlcenter.accesscontrol.LoginAction.passwordReset(org.apache.struts.action.ActionMapping,
org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
throws java.lang.Exception



 
 

Resolution

Symantec is currently investigating this issue. Please subscribe to this KB for updates.