RSA Identity Management and Governance (IMG) 6.9.1 Hidden Form Fields Vulnerability - False Positive
Originally Published: 2016-05-30
Article Number
Applies To
Article Summary
The greatest danger from exploitation of hidden form field design vulnerability is that the attacker will gain information that will help in orchestrating a far more dangerous attack.
Alert Impact
Not Applicable
Alert Impact Explanation
The scanner used here (i.e., HP WebInspect) seems to have been triggered by the presence of any hidden form fields on the page, as opposed to any sign that the hidden fields are used for security/validation/system state. The scanner flagged specifically the hidden fields that RSA Identity Management and Governance 6.9.1 uses to track the screen size and the hidden submission field, none of which are related to security/validation/system state.
Disclaimer
Related Articles
RSA Via Lifecycle & Governance Information Defined in User Detail Popups Number of Views RSA Identity Management and Governance (IMG) 6.9.1 Session Management Predictable Session ID Vulnerability - False Positive Number of Views Downloading a Virtual Card; Trouble connecting to Netscape LDAP Directory Server Number of Views QuickAdmin - Having trouble accessing Authentication Page using Port 8080 Number of Views How to access the aveksaServer.log and aveksaServerInfo.log files in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
