Enforcing CSRF token verification on logout

Incident Report for The Things Network

Resolved

We recently made sure that the logout path validates a CSRF token. This ensures that users cannot be logged out by third parties.

We would like to thank security researcher Nikhil Rane for responsibly disclosing this issue and making The Things Network a safer place.

Read more about our responsible disclosure policy: https://www.thethingsnetwork.org/responsible-disclosure
Posted Jun 22, 2022 - 12:00 CEST
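
A sketch of the kind of logout check this report describes, added here as an illustration and not The Things Network's own code. The `session` cookie name, the `X-CSRF-Token` header, the `/logout` path, the in-memory session store and the helper `tryLogout` are all assumptions made for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

var sessions = map[string]string{} // session ID -> CSRF token issued at login

// logoutHandler ends the session only for a POST that carries the session's CSRF token.
func logoutHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost { // a plain link or image load must never log a user out
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	c, err := r.Cookie("session")
	if err != nil {
		http.Error(w, "no session", http.StatusUnauthorized)
		return
	}
	want, ok := sessions[c.Value]
	got := r.Header.Get("X-CSRF-Token") // hypothetical header name
	if !ok || subtle.ConstantTimeCompare([]byte(got), []byte(want)) != 1 {
		http.Error(w, "invalid CSRF token", http.StatusForbidden) // session stays alive
		return
	}
	delete(sessions, c.Value)
	w.WriteHeader(http.StatusNoContent)
}

// tryLogout sends one logout request for a constructed session and returns
// the HTTP status plus whether the session survived.
func tryLogout(method, token string) (int, bool) {
	sessions = map[string]string{"sess-1": "tok-constructed-123"} // constructed sample data
	req := httptest.NewRequest(method, "/logout", nil)
	req.Header.Set("X-CSRF-Token", token)
	req.AddCookie(&http.Cookie{Name: "session", Value: "sess-1"})
	rec := httptest.NewRecorder()
	logoutHandler(rec, req)
	_, alive := sessions["sess-1"]
	return rec.Code, alive
}

func main() {
	fmt.Println(tryLogout(http.MethodPost, ""))                    // request without the token
	fmt.Println(tryLogout(http.MethodPost, "tok-constructed-123")) // the site's own logout action
}
```

The browser attaches the session cookie to a cross-site request automatically, but the third-party page cannot read the token, so the request is rejected and the session is kept.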