Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Professional Edition
-
None
-
Observium Professional 17.10.8879
Description
Attempting to delete a user does not work. The confirm page appears, but "Click to confirm" results in being redirected back to the edit user page with a pair of messages that both read:
WARNING. Possible CSRF attack with EMPTY request token.
The logs show this URL being requested:
clientIPremoved [06/Oct/2017:11:09:38 +0100] "GET /edituser/action=deleteuser/user_id=8/confirm=yes/ HTTP/1.1" 200 151653
Adding the /requesttoken=f08d0etcetcetc/ to the URL results in the user being deleted successfully.