A demonstration of the attack can be seen here: https://www.youtube.com/watch?v=oTycM5mQSpQ
This is probably a stupid question, but what can you do with a leaked CSRF token? Isn’t it generated freshly every time a form is rendered?
Reading their countermeasures, it would seem to indicate that disabling 3rd-party cookies in the browser would prevent the attack, right?