
I am using codeigniter 3.1.9.

I have enabled my CSRF protection with `csrf_regenerate` set to true. It works fine: the token regenerates on every POST request, and validation works as well. On top of that, I have also set my cookie to same-site strict, secure connection only.

I then submitted it to the security team for a penetration test assessment; they rejected my work because of a CSRF vulnerability.

Their argument was that they changed the cookie token and the POST params, then performed the attack.

Here is the proof: [image]

Their response: "CSRF token is not securely implemented. An attacker can still perform a CSRF attack using any value for the `csrf_cookie_name` cookie and the `csrf_test_name` parameter."

How can I solve this?

Thanks

kit
  • Maybe [this](https://stackoverflow.com/questions/3132338/codeigniter-session-help-cookies-not-secure) SO question could help you. – Jeroen Heier Nov 29 '18 at 07:00

1 Answer


It's the first time I've seen a security token stored in cookies on the client side; that's why, of course, your system is vulnerable.

You must store the token in your session, which makes it impossible to retrieve.

The way to implement it:

Create a hidden input in your form with the csrf token and on form submit compare it with your token that is stored in the session.

Sherif Salah
  • Thanks for the reply. I came across this article regarding tokens in cookies: https://security.stackexchange.com/questions/182934/csrf-tokens-in-cookies – Leong Yew Hwa Nov 29 '18 at 08:50
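To make the difference between the two designs concrete, here is an added example (not code from the question, the answer, or CodeIgniter) that puts the cookie-only double-submit check the pen testers bypassed side by side with the session-bound synchronizer token the answer describes. The field and cookie names reuse those quoted in the question; the `Request` class, the session dictionaries, and the request values are constructed stand-ins for a framework's request object and session store.

```python
import hmac
import secrets
from dataclasses import dataclass, field

TOKEN_FIELD = "csrf_test_name"     # POST field name quoted in the question
TOKEN_COOKIE = "csrf_cookie_name"  # cookie name quoted in the question


@dataclass
class Request:
    """Constructed stand-in for an incoming POST: client cookies, form fields,
    and the server-side session that the session-id cookie resolves to."""
    cookies: dict
    form: dict
    session: dict = field(default_factory=dict)


def issue_synchronizer_token(session):
    """Generate a fresh token and keep it only in the server-side session.
    The returned value is rendered into the form's hidden input; nothing the
    client can rewrite (such as a cookie) holds the reference copy."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def validate_double_submit(req):
    """Cookie-only (double-submit) check: accept when cookie and form value match.
    Both values arrive from the client, so a request in which both were set to
    the same arbitrary string passes; this is the finding from the pen test."""
    cookie = req.cookies.get(TOKEN_COOKIE)
    form = req.form.get(TOKEN_FIELD)
    return bool(cookie) and bool(form) and hmac.compare_digest(cookie, form)


def validate_synchronizer(req):
    """Session-bound check: the submitted hidden field must equal the token the
    server stored for this session. Compare in constant time and consume the
    token so it is single-use (the behaviour csrf_regenerate=TRUE aims for)."""
    expected = req.session.pop("csrf_token", None)
    submitted = req.form.get(TOKEN_FIELD)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def demo():
    # Legitimate flow: the server issues a token into the session and the
    # user's browser submits it back in the hidden input.
    session = {}
    token = issue_synchronizer_token(session)
    legit = Request(cookies={}, form={TOKEN_FIELD: token}, session=session)

    # The request from the question: cookie and POST parameter both set to the
    # same chosen value, while the victim's real session holds a different token.
    victim_session = {}
    issue_synchronizer_token(victim_session)
    forged = Request(
        cookies={TOKEN_COOKIE: "anyvalue"},
        form={TOKEN_FIELD: "anyvalue"},
        session=victim_session,
    )
    return {
        "double_submit_accepts_forged": validate_double_submit(forged),
        "synchronizer_accepts_forged": validate_synchronizer(forged),
        "synchronizer_accepts_legit": validate_synchronizer(legit),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the cookie-only check accepting the forged request while the session-bound check rejects it and still accepts the genuine submission. Two details matter in practice: the comparison uses `hmac.compare_digest` rather than `==` so a timing difference cannot leak the token, and the token is popped from the session on use, so a captured value cannot be replayed.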