Enforcing CSRF token verification on logout
Incident Report for The Things Network
We recently made sure that the logout navigates path validates a CSRF token. This ensures that the user will not be logged out by third parties.

We would like to thank security researcher Nikhil Rane for using responsible disclosure for reporting this issue and making The Things Network a safer place.

Read more about our responsible disclosure policy: https://www.thethingsnetwork.org/responsible-disclosure
Posted Jun 22, 2022 - 12:00 CEST