XSRF Token Refresh Possibly Needed
Incident Report for LoanPro
As part of our recent efforts to increase the security of our users, LoanPro has introduced mitigations for the most common Web application exploits. One of such mitigations is for cross-site request forgery (sometimes abbreviated as XSRF or CSRF). These type of vulnerabilities exploit the trust of a website (LoanPro in this case) has in a user’s browser.

Due to these mitigations some of our users may experience difficulties logging in, or once logged in difficulties accessing a tenant (in case of having access to multiple tenants). The solution is to clear your browser cache and/or log out and then log back in. This will force LoanPro to re-generate the XSRF token used to verify that the request is legitimate, and there shouldn’t be any problem afterward.

If you experience any issues then please log out & then clear your browser cache to resolve the issue, this is possible for up to the next 48 hours.


César Olea - Director of Software Development
Posted May 07, 2019 - 17:36 MDT
This incident affected: LoanPro Web Application.