Block Expired Anti-CSRF Tokens [Updated in Security Center 1.5]
Block expired CSRF tokens to prevent cross-site request forgery attacks.
Overview
Cross-site request forgeries are a type of malicious exploit whereby unauthorized commands are performed on behalf of an authenticated user.
Configuration details
| Attribute | Description |
|---|---|
| Overview | Controls the usage of an expired secure token to identify and validate incoming requests. Set to false to prevent a previously expired token to validate an incoming request. |
| Configuration name | glide.security.csrf_previous.allow |
| Configuration type | System Properties (/sys_properties_list.do) |
| Data type | Boolean |
| Recommended value | false |
| Default value | true |
| Category | Access control |
| Security risk | Severity score: 6.5 |
| Severity rating per CVSS score: Medium | |
| Security risk details: Enforces a strong anti-CSRF mechanism to protect authenticated functionality, and effective anti-automation or anti-CSRF protects unauthenticated functionality. | |
| Dependencies and prerequisites | None |
| References | Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0], cross-site request forgery. |