A cross site Request Forgery attempt has been detected

Asked By 10 points N/A Posted on -
Hi folks,

When I try to log in to Kayako Fusion with Windows Authentication, I get stuck with this error message. I get this error message in both Internet Explorer and Firefox. How do I find the root cause of this error? Do I need to change the settings in web.config? Please help me. Your help is great. Thanks.

0oops! A cross site Request Forgery attempt has been detected; cannot continue with the required action. Invalid department ID specified; select a valid department.

The instruction at 0x774c01b8 referenced memory at 0x00000050. The memory could not be read. Click on ok to terminate the program

Best Answer by Brett Dorothy
Answered By 0 points N/A #189398

That error is actually part of Kayako's security checks, so one of them must be failing.

Answered By 1065 points N/A #189399

CSRF, or Cross-Site Request Forgery, is used to allow a user to do certain actions unintentionally on your site. It usually takes advantage of the trust that your site has for users that are already logged in. To make this successful, your website should trace logged-in users with cookies, and they should be logged in to your site before they go to a site or click the links that the attacker provided for the user. An attacker doesn't always need to convince the users to click on their links to start the attack. There are many ways that will cause a user to click on their links. For example, if a site such as a forum or a social networking account has been accessed by the attacker, they can add image tags which include the link to the targeted site. This link will be used to force the browser to make actions through the session credentials they used when they logged in, with different effects of submitting the link. So when the page opens, the user has already clicked the link that is placed in the image tag, and the allowed action has been done without your permission. If you are the administrator, this attack can potentially let the attacker have control of the whole web application.

If this happens on Kayako Fusion, try contacting their customer support and inform them of the situation you are having.
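A common form of the security check that produces this kind of error, a token bound to the logged-in session, is sketched below as an added example; it is not part of the answers above and not Kayako's own code. The function names, session IDs and request dictionaries are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret; a real application loads this from protected configuration.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(request: dict, sessions: set) -> str:
    """Return 'ok', 'not logged in' or 'csrf detected' for a state-changing request."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return "not logged in"
    submitted = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison so the check does not leak how much of the token matched.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return "csrf detected"
    return "ok"


def demo() -> dict:
    sessions = {"sess-alice"}           # constructed session store
    cookie = {"session": "sess-alice"}  # the browser attaches this to every request
    good = issue_csrf_token("sess-alice")
    stale = issue_csrf_token("sess-old")
    requests = {
        # Form served by the site itself: carries the hidden token field.
        "own_form": {"cookies": cookie, "form": {"dept": "2", "csrf_token": good}},
        # Request triggered from another site: the cookie is present, the token is not.
        "cross_site": {"cookies": cookie, "form": {"dept": "2"}},
        # A token issued for a different session fails the same way.
        "stale_token": {"cookies": cookie, "form": {"dept": "2", "csrf_token": stale}},
        "anonymous": {"cookies": {}, "form": {"dept": "2"}},
    }
    return {name: check_request(req, sessions) for name, req in requests.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} -> {verdict}")
```

The session cookie alone is never enough: only a request that also carries the token matching that session passes, which is why a request built on another site is rejected even though the browser sent valid credentials with it.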
