Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security scan fails after security patch and code fix

SOLVED
Go to solution
‎02-13-2018 10:25 AM
‎02-13-2018 10:25 AM

Security scan fails after security patch and code fix

The Magento security scan tool shows a failure for SUPEE-6788, "No form key validation detected on /customer/account/createpost"

 

We have installed the security patch and we have a form-validate field on the registration form in the correct path (/customer/account/createpost) named "form_key"

The form_key field is given a value and auto-complete is sets to off.

 

Is the scan looking for a different name of for the field or something?  Why are we still seeing this fail in the security scan?

0 Kudos
Reply
2 ACCEPTED SOLUTIONS

Accepted Solutions
‎02-13-2018 07:12 PM
‎02-13-2018 07:12 PM

Re: Security scan fails after security patch and code fix

@treblin

How did you install the Patch? From CLI or manual code merge? For some reason Magento security patch may not able to validate the code causing scan failed. Did you scanned your website using magereport.com? What does it says? If Magereport mark it as pass than you are good to go.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.

View solution in original post

Reply
‎02-14-2018 06:26 AM
‎02-14-2018 06:26 AM

Re: Security scan fails after security patch and code fix

Thanks, Tarandeep.

 

I ran a scan using magereport.com and it is showing SUPEE-6788 as properly installed.

View solution in original post

0 Kudos
Reply
2 REPLIES 2
‎02-13-2018 07:12 PM
‎02-13-2018 07:12 PM

Re: Security scan fails after security patch and code fix

@treblin

How did you install the Patch? From CLI or manual code merge? For some reason Magento security patch may not able to validate the code causing scan failed. Did you scanned your website using magereport.com? What does it says? If Magereport mark it as pass than you are good to go.

 

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
Reply
‎02-14-2018 06:26 AM
‎02-14-2018 06:26 AM

Re: Security scan fails after security patch and code fix

Thanks, Tarandeep.

 

I ran a scan using magereport.com and it is showing SUPEE-6788 as properly installed.

0 Kudos
Reply