Reverse Tabnabbing issue with API Developer Portal
Article ID: 189928
Updated On:
Products
CA API Developer Portal
Issue/Introduction
According some Ethical Hackers in API Portal - is not fully protected against reverse tabnabbing .
In the example the link ‘play video’ is linking to an external url, using target=”_blank”, but not providing rel=”noopener”.
In the example the link ‘play video’ is linking to an external url, using target=”_blank”, but not providing rel=”noopener”.
Environment
Release : 4.x
Component : API PORTAL
Resolution
We have examined the issue and concluded that all the URLs pointing to the external domain are either pointing to our ca.com or broadcom.com domain, both of which are owned by Broadcom
This is by design and its references to our support pages, community pages, documentation, and some of our static resources like videos.
We do not see this t as a security issue and hence would not be able to publish any CVE for this .
We will add this as a bug in our backlog for portal to address this concern.
This is by design and its references to our support pages, community pages, documentation, and some of our static resources like videos.
We do not see this t as a security issue and hence would not be able to publish any CVE for this .
We will add this as a bug in our backlog for portal to address this concern.
Feedback
Yes
No
Powered by
