PT-2024-20861 · Unknown · 3Dsecure 2.0
Published 2024-09-10 · Updated 2024-10-22 · CVE-2024-25286
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
3DSecure 2.0 version 3DS Authorization Method
Description
A Cross-Site Request Forgery (CSRF) issue was identified in the Authorization Method of 3DSecure 2.0, allowing for potential exploitation via modified Origin and Referer HTTP headers.
Recommendations
For 3DSecure 2.0 version 3DS Authorization Method, consider implementing proper validation of the Origin and Referer HTTP headers to prevent CSRF attacks. As a temporary workaround, restrict access to the Authorization Method until a patch is available.
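One way to implement the recommended Origin and Referer validation, as an added example that is not code from the advisory or from the affected product. The allowed origin `https://acs.example.test` and the function names are assumptions chosen for illustration. The check compares the parsed scheme, host and port exactly and fails closed when neither header is usable.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Assumption: the only origin permitted to submit the authorization request.
ALLOWED_ORIGINS = frozenset({"https://acs.example.test"})


def origin_tuple(url):
    """Return (scheme, host, port) for a URL, or None if it is not a usable origin."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed or out-of-range port
        host = parts.hostname
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not host:
        return None  # covers "null", relative values and non-HTTP schemes
    if parts.username or parts.password:
        return None  # userinfo in the authority is never expected here
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return (scheme, host.lower(), port)


ALLOWED = frozenset(origin_tuple(o) for o in ALLOWED_ORIGINS)


def request_origin_allowed(headers, allowed=ALLOWED):
    """Decide whether a state-changing request comes from an allowed origin."""
    lowered = {k.lower(): v for k, v in headers.items()}
    # Origin is authoritative when present; Referer is consulted only if
    # Origin is absent, so an unusable Origin is never rescued by a Referer.
    if "origin" in lowered:
        value = lowered["origin"]
    else:
        value = lowered.get("referer")
    if not value:
        return False  # neither header supplied: fail closed
    source = origin_tuple(value)
    # Exact tuple comparison: no substring, prefix or suffix matching.
    return source is not None and source in allowed
```

Call `request_origin_allowed(request.headers)` before processing any state-changing request to the authorization endpoint and reject the request when it returns `False`.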
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
3Dsecure 2.0