Reverse tabnabbing allowing phishing attacks | AEM

Question

Reverse tabnabbing allows phishing attacks by using the external links from AEM. For example, the links to the documentation from the "?" symbol.
Is it a serious threat and what to do to avoid that?

Answer

Reverse tabnabbing is out of the scope of AEM threat-model as it is a browser issue, which cannot be easily mitigated at the product level.
The following quote from Google security explains this issue:

Unfortunately, we believe that this class of attacks is inherent to the current design of web browsers and can't be meaningfully mitigated by any single website; in particular, clobbering the window. opener property limits one of the vectors but still makes it easy to exploit the remaining ones.

Additional information

 Adobe

更快、更輕鬆地獲得協助

新的使用者?

Adobe MAX 2024

Adobe MAX
創意大會

10 月 14 至 16 日邁阿密海灘和線上

Adobe MAX

創意大會

10 月 14 至 16 日邁阿密海灘和線上

Adobe MAX 2024

Adobe MAX
創意大會

10 月 14 至 16 日邁阿密海灘和線上

Adobe MAX

創意大會

10 月 14 至 16 日邁阿密海灘和線上