As part of our recent efforts to increase the security of our users, LoanPro has introduced mitigations for the most common Web application exploits. One such mitigation is for cross-site request forgery (sometimes abbreviated as XSRF or CSRF). This type of vulnerability exploits the trust that a website (LoanPro in this case) has in a user’s browser.
Due to these mitigations, some of our users may experience difficulties logging in or, once logged in, difficulties accessing a tenant (in case of having access to multiple tenants). The solution is to clear your browser cache and/or log out and then log back in. This will force LoanPro to re-generate the XSRF token used to verify that the request is legitimate, and there shouldn’t be any problem afterward.
If you experience any issues, please log out and then clear your browser cache to resolve the issue. This is possible for up to the next 48 hours.
César Olea - Director of Software Development Simnang
Posted May 07, 2019 - 17:36 MDT
This incident affected: LoanPro - LMS Web Application.