RSA Identity Management and Governance (IMG) 6.9.1 Hidden Form Fields Vulnerability - False Positive
Originally Published: 2016-05-30
Article Number
Applies To
Article Summary
The greatest danger from exploitation of hidden form field design vulnerability is that the attacker will gain information that will help in orchestrating a far more dangerous attack.
Alert Impact
Not Applicable
Alert Impact Explanation
The scanner used here (i.e., HP WebInspect) seems to have been triggered by the presence of any hidden form fields on the page, as opposed to any sign that the hidden fields are used for security/validation/system state. The scanner flagged specifically the hidden fields that RSA Identity Management and Governance 6.9.1 uses to track the screen size and the hidden submission field, none of which are related to security/validation/system state.
Disclaimer
Related Articles
RSA Identity Management and Governance (IMG) 6.9.1 Session Management Predictable Session ID Vulnerability - False Positive Number of Views RSA Via Lifecycle & Governance Information Defined in User Detail Popups Number of Views Downloading a Virtual Card; Trouble connecting to Netscape LDAP Directory Server Number of Views What logs to collect to trouble shoot AM Prime Number of Views QuickAdmin - Having trouble accessing Authentication Page using Port 8080 Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
Don't see what you're looking for?
