Unable to use the password reset function in Symantec Messaging Gateway after upgrading to 10.6.6.
search cancel

Unable to use the password reset function in Symantec Messaging Gateway after upgrading to 10.6.6.

book

Article ID: 172764

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Trying to use the password reset feature in Messaging Gateway after upgrading to 10.6.6 may result in a Cross Site Request Forgery error page that does not allow you to reset the password.

The Control Center responds with:
Possible Cross Site Request Forgery

Cross Site Request Forgery Exception

You are being directed to this page because of a possible, un-authorized, attempt to access a page using Request Forgery.


If you are a valid user, please go back and re-try the operation.


Please try to avoid using multiple browsers/browser tabs when accessing the application.
 
The Control Center log file will have similar to the following: 
Oct 22 2018 12:16:47 [http-bio-41443-exec-5] [DefaultAction] ERROR - Anti-CSRF :
Invalid token for saving details. Possible Cross-Site Request Forgery request.
Skipping processing....URL :
https://smgccs.internal.test:41443/brightmail/action14.do
Oct 22 2018 12:16:47 [http-bio-41443-exec-5] [DefaultAction] ERROR - Anti-CSRF :
Method trying to be invoked : public org.apache.struts.action.ActionForward
com.symantec.smg.controlcenter.accesscontrol.LoginAction.passwordReset(org.apache.struts.action.ActionMapping,
org.apache.struts.action.ActionForm,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
throws java.lang.Exception



 
 

Resolution

Symantec is currently investigating this issue. Please subscribe to this KB for updates.

Powered by Wolken Software