Reverse tabnabbing allowing phishing attacks

Reverse tabnabbing allowing phishing attacks | AEM

Buscar

En esta página

Question
Answer
Additional information

Se aplica a: Experience Manager

Reverse tabnabbing allows phishing attacks by using the external links from AEM. For example, the links to the documentation from the "?" symbol.
Is it a serious threat and what to do to avoid that?

Reverse tabnabbing is out of the scope of AEM threat-model as it is a browser issue, which cannot be easily mitigated at the product level.
The following quote from Google security explains this issue:

Unfortunately, we believe that this class of attacks is inherent to the current design of web browsers and can't be meaningfully mitigated by any single website; in particular, clobbering the window. opener property limits one of the vectors but still makes it easy to exploit the remaining ones.

https://sites.google.com/site/bughunteruniversity/nonvuln/phishing-with-window-opener.

Los términos de Creative Commons no cubren las publicaciones en Twitter™ y Facebook.

Avisos legales | Política de privacidad en línea

Reverse tabnabbing allowing phishing attacks | AEM

Question

Answer

Additional information

Pregunte a la comunidad

Contacto