Cross-Site Request Forgery (CSRF) Security Violations
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. (see Wikipedia)
Although a CSRF violation can be an indication of an attack, most are not caused by malicious actions but are merely the result of a user re-displaying a page. For example, a user might use the browser back arrow or a saved link to re-display a page. If that page requires a CSRF security code to modify the database, the attempted reuse of that code will be rejected, because each code is valid for a single use. This protects both the user and the site from unintended actions.
If you see a Request Security Violation, think about what you just did. If you unintentionally re-displayed a page, simply move on, no harm done. If, however, you know of no action on your part that may have caused the violation and this occurs regularly, please contact 435-503-8955 or 800-764-0844.
Code | Reason | Description
CSRF-1 | blank | Security code must be provided and cannot be left blank.
CSRF-2 | wrong count | Security code is not properly formed.
CSRF-3 | bad id | Security code contains a bad ID.
CSRF-4 | bad uid | Security code contains a bad user ID.
CSRF-5 | not authentic | Security code is invalid; it may have been garbled in handling or transmission.
CSRF-6 | not found | Security code not found in the database. This may indicate that it was an old security code.
CSRF-7 | already used | Security codes cannot be used more than once.
CSRF-8 | mismatched user id | The user ID in the security code does not match the current user.
CSRF-9 | mismatched session | The user session is not the same as that of the security code.
CSRF-10 | mismatched session | The user session is not the same as that of the security code, with ajax_on.
CSRF-11 | expired | The security code was not used within the allotted time.
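As an added example (not CORE Payments code; the product's actual token format, storage and checks are not documented on this page), the following Python sketch shows a single-use CSRF token scheme that rejects requests for the same reasons the table lists. The wire format, the server key, the 600-second allotted time and the in-memory stand-in for the database table are all assumptions made for illustration. The walk-through in `demo()` reproduces the back-button case described above: the first submission is accepted and consumes the code, so the re-displayed page's resubmission is rejected as already used.

```python
"""Illustrative single-use CSRF token scheme (added example, not CORE Payments code).

Assumed wire format: "<token_id>:<user_id>:<hex_mac>"
The server records every issued token so it can enforce single use,
bind the token to the issuing user and session, and apply an expiry window.
"""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = b"example-server-key-not-for-production"  # assumption: loaded from a secret store in practice
TOKEN_TTL_SECONDS = 600  # assumption: the "allotted time" for CSRF-11

# In-memory stand-in for the database table of issued security codes.
_issued = {}


def _mac(token_id: str, user_id: str) -> str:
    """Authenticate the id and user id so a tampered code fails as 'not authentic'."""
    return hmac.new(SERVER_KEY, f"{token_id}:{user_id}".encode(), hashlib.sha256).hexdigest()


def issue_token(user_id: str, session_id: str, now: float = None) -> str:
    """Mint a code bound to the user and session and record it as unused."""
    now = time.time() if now is None else now
    token_id = secrets.token_hex(16)
    _issued[token_id] = {"uid": user_id, "sid": session_id, "issued": now, "used": False}
    return f"{token_id}:{user_id}:{_mac(token_id, user_id)}"


def verify_token(token: str, user_id: str, session_id: str, now: float = None) -> str:
    """Return "OK" or a code mirroring the violation table; consumes the token on success."""
    now = time.time() if now is None else now
    if not token:
        return "CSRF-1"   # blank
    parts = token.split(":")
    if len(parts) != 3:
        return "CSRF-2"   # wrong count: not properly formed
    token_id, uid, mac = parts
    if len(token_id) != 32 or any(c not in "0123456789abcdef" for c in token_id):
        return "CSRF-3"   # bad id
    if not uid:
        return "CSRF-4"   # bad uid
    if not hmac.compare_digest(mac, _mac(token_id, uid)):
        return "CSRF-5"   # not authentic: garbled or tampered
    rec = _issued.get(token_id)
    if rec is None:
        return "CSRF-6"   # not found: unknown or purged (old) code
    if rec["used"]:
        return "CSRF-7"   # already used: e.g. back-button resubmission
    if uid != user_id or rec["uid"] != user_id:
        return "CSRF-8"   # mismatched user id
    if rec["sid"] != session_id:
        return "CSRF-9"   # mismatched session
    if now - rec["issued"] > TOKEN_TTL_SECONDS:
        return "CSRF-11"  # expired
    rec["used"] = True    # consume the code: single use only
    return "OK"


def demo() -> list:
    """Back-button scenario: first submit accepted, resubmit of the same code rejected."""
    code = issue_token("alice", "sess-1", now=1000.0)
    return [
        verify_token(code, "alice", "sess-1", now=1001.0),
        verify_token(code, "alice", "sess-1", now=1002.0),
    ]
```

The order of checks matters for what a user sees: cheap structural checks run before the database lookup, and the code is only marked used after every other check passes, so a rejected request never burns a still-valid code.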
CORE Payments Version 4.1.17409; (API: 2.22)