.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Advisory Information
- Title: Lastline Portal Cross-Site Request Forgery (CSRF)
- Advisory ID: SWRX-2015-002
- Date published: Monday, June 8, 2015
- CVE: CVE-2015-4125
- CVSS v2 base score: 5.1
- Date of last update: Monday, June 8, 2015
- Vendors contacted: Lastline
- Release mode: Coordinated
- Discovered by: Dana James Traversie and Sean Wright, Dell SecureWorks
Summary
Lastline is a breach detection platform that provides administrative functionality and other features via a dedicated web application. There are multiple vulnerabilities in the Lastline Portal web application due to insufficient or missing CSRF defenses. An unauthenticated, remote attacker could conduct cross-site request forgery (CSRF) attacks by persuading a user to follow a malicious link or visit an attacker-controlled website.
Download the PDF: SWRX-2015-002
Secureworks has been acquired by Sophos. To view all new blogs, including those on threat intelligence from the Counter Threat Unit, visit: https://news.sophos.com/en-us/.