Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. In this paper, we present a new vari- ation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the vic- tim into th