RSA Identity Management and Governance (IMG) 6.9.1 Hidden Form Fields Vulnerability - False Positive
Originally Published: 2016-05-30
Article Number
Applies To
Article Summary
The greatest danger from exploitation of hidden form field design vulnerability is that the attacker will gain information that will help in orchestrating a far more dangerous attack.
Alert Impact
Not Applicable
Alert Impact Explanation
The scanner used here (i.e., HP WebInspect) seems to have been triggered by the presence of any hidden form fields on the page, as opposed to any sign that the hidden fields are used for security/validation/system state. The scanner flagged specifically the hidden fields that RSA Identity Management and Governance 6.9.1 uses to track the screen size and the hidden submission field, none of which are related to security/validation/system state.
Disclaimer
Related Articles
RSA Identity Management and Governance (IMG) 6.9.1 Session Management Predictable Session ID Vulnerability - False Positive Number of Views RSA Via Lifecycle & Governance Information Defined in User Detail Popups Number of Views Downloading a Virtual Card; Trouble connecting to Netscape LDAP Directory Server Number of Views QuickAdmin - Having trouble accessing Authentication Page using Port 8080 Number of Views How to access the aveksaServer.log and aveksaServerInfo.log files in RSA Identity Governance & Lifecycle Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
