Improper CSRF token validation allows attackers to access victim’s accounts linked to Hackerone