cancel
Showing results for 
Search instead for 
Did you mean: 

Security scan fails after security patch and code fix

SOLVED

Security scan fails after security patch and code fix

The Magento security scan tool shows a failure for SUPEE-6788, "No form key validation detected on /customer/account/createpost"

 

We have installed the security patch and we have a form-validate field on the registration form in the correct path (/customer/account/createpost) named "form_key"

The form_key field is given a value and auto-complete is sets to off.

 

Is the scan looking for a different name of for the field or something?  Why are we still seeing this fail in the security scan?

2 REPLIES
Highlighted

Re: Security scan fails after security patch and code fix

@treblin

How did you install the Patch? From CLI or manual code merge? For some reason Magento security patch may not able to validate the code causing scan failed. Did you scanned your website using magereport.com? What does it says? If Magereport mark it as pass than you are good to go.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

Thanks,
Tarandeep
Magento 2 Certified Solution Specialist (x2). Follow me on Twitter

Re: Security scan fails after security patch and code fix

Thanks, Tarandeep.

 

I ran a scan using magereport.com and it is showing SUPEE-6788 as properly installed.