RSA Identity Management and Governance (IMG) 6.9.1 Hidden Form Fields Vulnerability - False Positive
Originally Published: 2016-05-30
Article Number
Applies To
Article Summary
The greatest danger from exploitation of hidden form field design vulnerability is that the attacker will gain information that will help in orchestrating a far more dangerous attack.
Alert Impact
Not Applicable
Alert Impact Explanation
The scanner used here (i.e., HP WebInspect) seems to have been triggered by the presence of any hidden form fields on the page, as opposed to any sign that the hidden fields are used for security/validation/system state. The scanner flagged specifically the hidden fields that RSA Identity Management and Governance 6.9.1 uses to track the screen size and the hidden submission field, none of which are related to security/validation/system state.
Disclaimer
Related Articles
RSA Identity Management and Governance (IMG) 6.9.1 Session Management Predictable Session ID Vulnerability - False Positive Number of Views RSA Via Lifecycle & Governance Information Defined in User Detail Popups Number of Views What logs to collect to trouble shoot AM Prime Number of Views Downloading a Virtual Card; Trouble connecting to Netscape LDAP Directory Server Number of Views QuickAdmin - Having trouble accessing Authentication Page using Port 8080 Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
