
Security Fix - Reverse Tabnabbing

3 weeks ago
Status: Open
DEWright_CA
Frequent Contributor

Security scans of externally hosted Portal instances raise red flags about this around the URLs and pages for portalhelp/en/portal/11.3/use/use-raster-functions-to-customize-raster-analysis.htm and all other documentation pages.

 

Reverse Tabnabbing is an attack where the target page is replaced by a phishing site. This is possible when target="_blank" is in use with rel="noopener" or rel="noreferrer": an attacker can use JavaScript window.opener and inject a malicious domain in it. When the user clicks on an HTML link, they will get redirected to a phishing or unintentional website. WAS detects this vulnerability during crawling and evaluates HTML links embedded in anchor tags.