usd-2018-0004 | Starface

Advisory ID: usd-2018-0004
CVE Number: N/A
Affected Product: Starface
Affected Version:
Vulnerability Type: Cross-site request forgery (CSRF)
Security Risk: Medium
Vendor URL:
Vendor Status: Not fixed


In a CSRF attack, the attacker performs actions in the web application on behalf of the victim. For this to work, the victim has to click on a malicious link from the attacker while logged in to the web application.

Proof of Concept 

The whole Starface application does not make use of any CSRF tokens.
=> PoC will be published when all issues are fixed.


Make sure that requests which change the state of the application (such as adding or changing user information) carry a valid CSRF token.
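One way to implement such a check, as an added example that is not part of the advisory and not Starface code: a session-bound HMAC token that is required on every state-changing request. The function names, `SERVER_KEY` and the session identifiers are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret kept server-side (constructed here).
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change application state
NONCE_HEX_LEN = 32


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    return hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token = random nonce + HMAC over (session id, nonce); embed it in each form."""
    nonce = secrets.token_hex(NONCE_HEX_LEN // 2)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def token_is_valid(session_id: str, token, key: bytes = SERVER_KEY) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if len(nonce) != NONCE_HEX_LEN:  # fixed length keeps "session:nonce" unambiguous
        return False
    expected = _mac(session_id, nonce, key)
    return hmac.compare_digest(mac.encode("utf-8", "replace"), expected.encode())


def allow_request(method: str, session_id: str, submitted_token) -> bool:
    """Gate applied to every request: state-changing methods need a valid token."""
    if method.upper() in SAFE_METHODS:
        return True
    return token_is_valid(session_id, submitted_token)


if __name__ == "__main__":
    sid = "session-A"                                # constructed session identifier
    tok = issue_token(sid)                           # rendered into the user's forms
    print(allow_request("POST", sid, tok))           # legitimate form submission
    print(allow_request("POST", sid, None))          # cross-site request without token
    print(allow_request("POST", "session-B", tok))   # token issued to another session
```

The gate only helps if safe methods really are side-effect free; any state change reachable via GET bypasses it.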


The security vulnerabilities were found by Sebastian Puttkammer of usd AG.