LPS-66682 CSRF token is persisted in database

Description

Cross-Site Request Forgery (CSRF) tokens are persisted in the database and may make it easier for an attacker to launch a CSRF attack.

Severity

Severity 2

Fixed Version(s)

Publication date: Thu, 16 Jun 2016 09:54:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.