A cross site Request Forgery attempt has been detected

Asked By Kurt A Munoz 10 points N/A Posted on - 02/20/2014

Hi folks,

When I try to login into Kayako fusion with Windows Authentication I got stuck with this error message. I got this error message in both the browser Internet explorer and Firefox. How to find the root cause of this error? Do I need to change the settings in web.config. Please help me. Your help is great. Thanks.

0oops! A cross site Request Forgery attempt has been detected; cannot continue with the required action. Invalid department ID specified; select a valid department.

The instruction at 0x774c01b8 referenced memory at 0x00000050. The memory could not be read. Click on ok to terminate the program

• Status: Open
• Question Views: 2520
• Answer Count: 2
• Vote Up 0 Vote Down

• Answer Accepted: Yes
• Question Category: Virus & Spyware

Best Answer by Brett Dorothy

Go To Solution

Best Answer

Best Answer

Answered By Brett Dorothy 0 points N/A #189398

A cross site Request Forgery attempt has been detected

That error is actually part of Kayako's security checks, so one of them must be failing

About Brett Dorothy

Questions
0

Answers
35

Best Answers
8

• Vote Up 0 Vote Down

• Posted on - 02/25/2014
• Question Category: Virus & Spyware

Answered By cyrilsia01 1065 points N/A #189399

A cross site Request Forgery attempt has been detected

CSRF or Cross Site Request Forgery is used to allow user to do certain actions unintentionally on your site. It usually takes advantage of the trust that your site has for users that logged in already. And to make this successful, your website should trace the user's logged in with cookies, and they should be logged in to your site before they go to a site or click the links that the attacker provided for the user. A attacker doesn't always need to convince the users to click on their links to start the attack. There are many ways that will cause a user to click on their links. Example, if a site such as forums or social networking accounts has been accessed by the attacker, they can add image tags which includes the link to the targeted site. This link will be used to force the browser to make actions through the session credentials they used when they logged in with different effects of submitting the link. So that when the page opens, the user has already clicked the link that is placed on the image tag and the allowed action has been done without your permission. If you are the administrator, this attack can potentially let the attacker to have control on the whole web application.

If this happens on Kayako Fusion, try contacting their customer support and inform them on the situation you are having.

About cyrilsia01

Questions
1

Answers
388

Best Answers
59

• Vote Up 0 Vote Down

• Posted on - 02/25/2014
• Question Category: Virus & Spyware