CSRF vulnerabilities exist when the identity of the user is the only safeguard used to protect an important action.