
Major security vulnerability in Democratic campaign donation platform (RespDisc) - quantumtremor
http://rajk.me/actblue
======
quantumtremor
I posted this yesterday with perhaps an uninformative title.

If you agree that this is a serious vulnerability, please tweet at @actblue
and e-mail them at info@actblue.com.

Here's the introduction. ActBlue is a non-profit that organizes fundraising
efforts for Democratic causes; so far they have facilitated over a billion
dollars in donations. This page details a security vulnerability in the
ActBlue donation system.

tl;dr This vulnerability affects over three million individuals who have
donated to a Democratic cause using ActBlue Express Lane. Specifically, the
ActBlue donation system can be exploited to appropriate false donations
towards either the Hillary Clinton or Bernie Sanders campaigns. Using
cross-site request forgery, previous donors can be tricked into donating to
other Democratic candidates or causes.