- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Magento security scan tool shows a failure for SUPEE-6788, "No form key validation detected on /customer/account/createpost"
We have installed the security patch and we have a form-validate field on the registration form in the correct path (/customer/account/createpost) named "form_key"
The form_key field is given a value and auto-complete is sets to off.
Is the scan looking for a different name of for the field or something? Why are we still seeing this fail in the security scan?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How did you install the Patch? From CLI or manual code merge? For some reason Magento security patch may not able to validate the code causing scan failed. Did you scanned your website using magereport.com? What does it says? If Magereport mark it as pass than you are good to go.
Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, Tarandeep.
I ran a scan using magereport.com and it is showing SUPEE-6788 as properly installed.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How did you install the Patch? From CLI or manual code merge? For some reason Magento security patch may not able to validate the code causing scan failed. Did you scanned your website using magereport.com? What does it says? If Magereport mark it as pass than you are good to go.
Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.
Problem solved?Please give 'Kudos' and accept 'Answer as Solution'.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content