RSA Identity Management and Governance (IMG) 6.9.1 Hidden Form Fields Vulnerability - False Positive
Originally Published: 2016-05-30
Article Number
Applies To
Article Summary
The greatest danger from exploitation of a hidden form field design vulnerability is that the attacker will gain information that helps in orchestrating a far more dangerous attack.
Alert Impact
Not Applicable
Alert Impact Explanation
The scanner used here (HP WebInspect) seems to have been triggered by the mere presence of hidden form fields on the page, rather than by any sign that the hidden fields are used for security, validation, or system state. Specifically, the scanner flagged the hidden fields that RSA Identity Management and Governance 6.9.1 uses to track the screen size and the hidden submission field, none of which are related to security, validation, or system state.
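The distinction drawn above can be applied when triaging a scanner's hidden-field findings. The following is an added example, not code from RSA or HP WebInspect: it lists the hidden inputs in a page and sorts them by what their names suggest. The hint lists, field names, and sample page are constructed assumptions, and name matching is only a first pass, since the deciding question is whether the server trusts the submitted value.

```python
from html.parser import HTMLParser

# Constructed name hints (assumptions), not taken from the product or the scanner.
SENSITIVE_HINTS = ("token", "csrf", "session", "role", "price", "admin", "auth")
UI_HINTS = ("width", "height", "screen", "submit")


class HiddenFieldCollector(HTMLParser):
    """Collect (name, value) for every <input type="hidden"> in a page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.fields.append((a.get("name") or "", a.get("value") or ""))


def triage_hidden_fields(html):
    """Map each hidden field name to 'review', 'ui-state' or 'unknown'."""
    collector = HiddenFieldCollector()
    collector.feed(html)
    result = {}
    for name, _value in collector.fields:
        lowered = name.lower()
        if any(h in lowered for h in SENSITIVE_HINTS):
            result[name] = "review"    # may carry security or validation state
        elif any(h in lowered for h in UI_HINTS):
            result[name] = "ui-state"  # layout or submission tracking only
        else:
            result[name] = "unknown"   # needs a manual look
    return result


# Constructed sample page; the field names are hypothetical.
SAMPLE_PAGE = """
<form action="/save" method="post">
  <input type="hidden" name="screenWidth" value="1920">
  <input type="hidden" name="screenHeight" value="1080">
  <input type="hidden" name="submitted" value="true">
  <input type="hidden" name="isAdmin" value="false">
  <input type="text" name="comment">
</form>
"""

if __name__ == "__main__":
    for field, verdict in triage_hidden_fields(SAMPLE_PAGE).items():
        print(f"{field}: {verdict}")
```

Fields marked `review` or `unknown` still need a check of the server-side handling before a finding is closed as a false positive.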
Disclaimer