Ambari / AMBARI-24628

Fix possible "Phishing by Navigating Browser Tabs" vulnerability

Details

    Description

      According to details found at https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/phishing-by-navigating-browser-tabs/, it is possible to change the "window.opener.location" value in browser windows opened using normal anchor tags where the "target" attribute is specified as "_blank".

      This gives an attacker the ability to change the parent location and thus potentially allows for a phishing attack to be invoked.

      To help this situation, it is suggested that the following attribute be set along with the "target" attribute:

      rel="noopener noreferrer"
      

      For example:

      <a href="..." target="_blank" rel="noopener noreferrer">...</a>
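
An added example (not part of the original issue or the Ambari code base): a small Python audit that lists anchors using target="_blank" whose rel attribute lacks the tokens suggested above. It assumes static HTML input; the sample markup and the names BlankTargetAuditor and audit are constructed for illustration.

```python
from html.parser import HTMLParser

# Tokens the issue suggests pairing with target="_blank".
REQUIRED_REL = ("noopener", "noreferrer")


class BlankTargetAuditor(HTMLParser):
    """Records <a target="_blank"> tags whose rel lacks a required token."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        first = {}
        for name, value in attrs:
            # Browsers keep the first of duplicated attributes; do the same.
            first.setdefault(name, value or "")
        # HTMLParser lowercases attribute names; the _blank keyword itself
        # is case-insensitive, so normalise the value too.
        if first.get("target", "").lower() != "_blank":
            return
        rel = set(first.get("rel", "").lower().split())
        missing = [tok for tok in REQUIRED_REL if tok not in rel]
        if missing:
            line, _ = self.getpos()  # position of the tag's opening "<"
            self.findings.append(
                {"line": line, "href": first.get("href", ""), "missing": missing})


def audit(markup):
    """Return one finding per non-compliant anchor in the markup."""
    auditor = BlankTargetAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


# Constructed sample markup (hypothetical, not taken from Ambari).
SAMPLE = """<ul>
  <li><a href="https://example.com/docs" target="_blank">Docs</a></li>
  <li><a href="https://example.com/wiki" target="_blank" rel="noopener noreferrer">Wiki</a></li>
  <li><a href="https://example.com/blog" TARGET="_BLANK" rel="nofollow noopener">Blog</a></li>
  <li><a href="/local">Same tab</a></li>
</ul>
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: {f['href']} missing rel tokens {f['missing']}")
```

Links whose attributes are set from JavaScript or template bindings at runtime are not visible to this kind of static check and need a separate review.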
      

          People

            akovalenko Aleksandr Kovalenko
            apappu@hortonworks.com amarnath reddy pappu
              Time Tracking

                Original Estimate - Not Specified
                Remaining Estimate - 0h
                Time Spent - 1h 20m