Robust Defenses for Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. This paper presents a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of a login CSRF vulnerability varies by site, but it can be as severe as a cross-site scripting vulnerability. The paper details three major CSRF defense techniques and finds shortcomings with each of them. Its observations do suggest, however, that the Referer header can be used today as a reliable CSRF defense over HTTPS, making it particularly well-suited for defending against login CSRF. The paper also proposes that browsers implement the Origin header, which provides the security benefits of the Referer header while responding to privacy concerns.
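As an added illustration (not code from the paper), the following Python function applies the defense the abstract describes on the server side: a state-changing request such as a login POST is accepted only when its Origin header, or failing that its Referer header, names the site's own origin, and a missing header is rejected, which is the strict policy that is practical over HTTPS. The site origin and the request headers in the test are constructed for the example.

```python
"""Server-side CSRF check combining Origin and strict Referer validation.
Added example, not code from the paper; the site origin below is a
constructed placeholder."""
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # constructed sample site origin
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def _origin_of(url):
    """Reduce an absolute URL to scheme://host[:port]; None if not absolute."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def _header(headers, name):
    """Case-insensitive header lookup on a plain dict."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def csrf_check(method, headers):
    """Decide whether a state-changing request (a login POST included) may
    proceed. Returns (allowed, reason).

    Policy: an Origin header, when present, must match the site. Otherwise
    fall back to strict Referer validation: the Referer must be present and
    match. Rejecting on a missing header is what makes the check strict, and
    it is only practical on HTTPS endpoints, where browsers reliably send
    the Referer; that is why the abstract calls it well suited to login CSRF."""
    if method.upper() not in UNSAFE_METHODS:
        return True, "safe method, no check needed"
    origin = _header(headers, "Origin")
    if origin is not None:
        # "null" or any non-matching origin is rejected outright.
        if _origin_of(origin) == SITE_ORIGIN:
            return True, "Origin matches site"
        return False, f"Origin {origin!r} does not match {SITE_ORIGIN}"
    referer = _header(headers, "Referer")
    if referer is None:
        return False, "strict policy: Referer missing"
    if _origin_of(referer) == SITE_ORIGIN:
        return True, "Referer matches site"
    return False, f"Referer {referer!r} does not match {SITE_ORIGIN}"
```

Only the scheme and host part of the Referer is compared, so a query string or path on the site's own login page does not cause a false rejection, while a look-alike host does not pass.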